1.3.2. User Authentication

The platform supports different user authentication mechanisms, such as Kerberos, NTLM, etc. The user accounts can originate from a variety of sources, including LDAP, Active Directory, FreeIPA, TACACS+, RADIUS, and SAML IDP. SAML IDP, Kerberos, and NTLM allow transparent (i.e., without requesting a username and password) authentication of Active Directory domain users.

The administrator can configure security rules, link bandwidth, firewall rules as well as content filtering and application control rules for individual users, user groups, or all known or unknown users. In addition, UserGate supports the application of security rules to terminal service users via dedicated Terminal Services Agents and the use of an authorization agent for Windows platforms.

For better user account security, multi-factor authentication with TOTP (Time-based One Time Password Algorithm) tokens, SMS, or email should be used.