Plone Authentication Solutions

Enhance security and simplify access to your web services and networks with robust user authentication system by combining multiple identification factors together. Usage of secure credentials and digital certificates is the key factor during implementation of authentication within Plone.
Plone is very flexible CMS in area of authentication, authorization and management of user permissions, roles and groups. Since Plone is built upon Zope, it can use Zope's Pluggable Authentication Service (PAS). Using this powerful tool Plone can:

  • authenticate user (via cookies, login forms, etc.), compare login name and password with a user record in a database;
  • store (in ZODB, LDAP, RADIUS, SQL, etc.) and manage properties and other data connected with user;
  • extract credentials ( HTTP cookie, HTTP form data, the user's IP address, etc.) from the user;
  • assign user to one or more groups and determine to which group(s) user belongs;
  • search and list users and groups using user enumeration plugins.

Most common Plone Authentication projects:

  • authentication of Plone intranet against multiple authentication sources;
  • Idap, Active Directory and/or LDAP Authentication with Plone;
  • support for ActiveDirectory: authentication, access to storage of users, groups and roles, group membership information;
  • Twitter, Facebook, Google+, or other social media based login for Plone website;
  • usage of certificate instead of a password for authentication;
  • authentication of Plone website against MySQL user database;
  • synchronisation of user details in Plone website from a separate database;
  • implementation of PAS plugin that allows Plone to work with Microsoft's Windows Integrated Authentication for users to be able to log into Plone website with the credentials used for their PC;
  • management of FacultyStaff authentication;
  • user interface for management of LDAP and Active Directory servers;
  • development of Single Sign-On (SSO) with which users can log in just once to access an ecosystem of applications;
  • implementation of Single Source Authentication allows users to log into multiple applications with one set of credentials;
  • Authentication in Django and Plone using JaSig CAS;
  • usage of Google Authenticator app for Plone 4 that enables the two-step verification for Plone accounts.

Quintagroup provided Plone authentication solution for several projects satisfying all clients' demands concerning websites authentication. For instance, New Mexico Consortium has several websites, thus demanded advanced user management. Websites were related by the user databases within SalesForce which allowed user creation and profile manipulation both via SalesForce interface and within Plone website itself. For one of the websites was implemented the following security measure: only certain PIN code could redirect to the login form in other cases user would not be able to login. For ANZCA project Quintagroup implemented Single Sign-On.
Among main features of PolicyTracker website is connection between Salesforce Contact record and Plone website members profile. If user becomes member of Plone site, his/her profile data (login, password and properties) copies to the automatically created corresponding SalesForce account, to which user can log in using login and password from Plone site. Any changes in Salesforce Contact record would be copied to the profile data in Plone. Exactly for this purpose Plone default registration form and member's profile were extended with additional member properties (title, job title, company name, contact details etc.). Also PolicyTracker allows automatic log in based on IP-address. There is no need to remember or insert login name/password information if your Ip is in the list of the approved users.
Pluggable Authentication Service (PAS) is used to authenticate users according to their IP address. It allows being logged in after a successful authentication (or last site visit) for about a fortnight. This simplifies users’ access and speeds up overall site performance. For more information see project cases:

New Mexico Consortium New Mexico Consortium

Australian and New Zealand College of Anaesthetists Australian and New Zealand College of Anaesthetists

PolicyTracker PolicyTracker

Interested in more?

Plone authentication implementation needs individual evaluation and greatly depends on Plone version, authentication backend and database availability. Contact us to receive more information on Plone's authentication and user management, as well as Plone integration with other systems and third party middleware.


It is a pleasure working with the Plone developers at Quintagroup. They are very knowledgeable, efficient, and customer-focused. I have found Plone to be a powerful and user-friendly Content Management System.

August 13, 2013
Robert Loftur-Thun

Wonderful Plone developers. Fast, efficient and very knowledgeable.

August 12, 2013
Jason Atwood

Thanks a lot... I've always appreciated the level of services provided by your company, I'm a big fan and shall continue to advertise your services among my fellow Zope developers!

Nov 30, 2011
Dominique Trembloy

I have used a Plone site environment hosted by Quintagroup to develop a workflow application for my business. Since January 2010 ... I have been a customer of Quintagroup and I am very happy about the good and reliable service, including update of the website to version 4.1 of Plone.

Apr 20, 2011
Maarten de Vries

...I was a very satisfied customer for 7 years. They made sure that my website was always up, even during a couple episodes of being "slashdotted", and fixed the very few problems that I had in record time. This is a very professionally run outfit...

Feb 14, 2011
Mario Butter

I just want to thank each of you for your work... My business has increased and my anxiety level has been lowered since using Plone...It's been such a pleasure working with a professional and intelligent group like your.

Tom Parish