Identity Providers

Identity Providers supply the list of identities. There are three types:

Capstone Built-in: Provided by Capstone.

Capstone PARCsecurity: Custom identity list created by users. The default PARCsecurity identity provider is named “dataPARC”. Permissions set on PARCsecurity groups can also be applied to AD users by adding AD groups to PARCsecurity groups.

Microsoft Active Directory: Identity list supplied by Active Directory.

Enabled: Whether identities from this provider can be used for sign in.

Public: Applies to Active Directory identity providers. If checked, the provider name will appear in the provider list on the sign in window. This allows users to sign in with an AD identity other than the currently logged in user, but also exposes the name of the provider, which could be a security risk. Also, this sign in method could expose the username and password, another potential security risk. If unchecked, users can only sign in with an AD identity via Windows Integrated authentication (most secure).

Virtual Users: Applies to Active Directory identity providers. If checked, Active Directory users that have not been manually added to the list of PARCsecurity Identities can still be used to sign in to dataPARC applications. These “virtual users” will inherit permissions through group membership (Everyone group and any AD groups to which they belong). If unchecked, only AD users that have been manually added to the list of PARCsecurity identities can still be used to sign in to dataPARC applications