Configure internal authentication

The Internal (Built-in) Identity Provider stores users and roles in the Semarchy repository. This identity provider is configured by default. It is a commodity to manage users and roles locally in Semarchy xDM when there is no enterprise identity provider in place.

The Internal (Built-in) identity provider, listed in the Identity Management editor, cannot be deleted. You can disable it to force all users to connect with the other identity providers configured.

Log in with the internal identity provider

For a user to connect using this identity provider, two conditions must be met:

  • The Internal (Built-in) identity provider must be enabled. You can disable it to force all users to connect with the other identity providers.

  • The user must have Enable Internal Authentication selected. A user for which this option is not selected must connect using another identity provider.
    See Manage Users to learn how to enable or disable internal authentication for users.

A user that does not exist in any third-party identity provider, and for which Enable Internal Authentication is not selected will not able to connect to Semarchy xDM.

Supported capabilities

With the internal authentication, the authenticating user credentials (user name and password) are entered in a login form.

This identity provider has limited capabilities:

  • A user connecting with the internal authentication is granted the Default Roles defined for this identity provider, plus the roles granted to that user. The internal identity provider does not support Role Mapping.

    The Internal (Built-in) identity provider is configured by default with the semarchyConnect default role, which means that all users connecting with the internal authentication can access Semarchy xDM with minimal privileges.
  • The profile information for the user is always stored in the repository. As such, Profile Synchronization is not available. However, you can define the Default Value and the User Access (Hidden, Read, Read/Write) for each profile property.