Introduction
Fortanix-Data-Security-Manager (DSM) provides access to its functions and APIs to two types of entities – humans (users), and machines (applications). There are many ways to authenticate to Fortanix DSM for both users and applications, which vary in terms of ease of use, integration with existing enterprise IAM (Identity and Access Management Systems), and level of security. Once authenticated, there is an elaborate access control mechanism that controls which entity has the authorization to perform which function under what conditions.
For more information about configuring user authentication using password and Single Sign-On (SSO), refer to the User's Guide: Authentication.
NOTE
Authentication using either a password or Single Sign-On (SSO) can be configured at the System Administration level for the system administrator (sysadmin) account. Members of a sysadmin account—including system administrators and operators—can choose to log in using either their password or SSO. If SSO is enforced, all members must use SSO to access the system administrator account. If two-factor authentication (2FA) with a YubiKey is configured, an additional verification step using the YubiKey is required after password authentication.