Plone Authentication Solutions

Implement a robust user authentication solution to enhance security and simplify access to your web services and networks using secure credentials and digital certificates.

Enhance security and simplify access to your web services and networks with a robust user authentication system that combines multiple identification factors. Secure credentials and digital certificates are the key factor when implementing authentication within Plone.
Plone is a very flexible CMS in the areas of authentication, authorization and management of user permissions, roles and groups. Since Plone is built upon Zope, it can use Zope's Pluggable Authentication Service (PAS). Using this powerful tool, Plone can:

  • authenticate a user (via cookies, login forms, etc.), comparing the login name and password with a user record in a database;
  • store (in ZODB, LDAP, RADIUS, SQL, etc.) and manage properties and other data connected with the user;
  • extract credentials (HTTP cookie, HTTP form data, the user's IP address, etc.) from the user;
  • assign a user to one or more groups and determine which group(s) the user belongs to;
  • search and list users and groups using user enumeration plugins.
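
The extraction and authentication steps from the list above, with the client IP address as the credential, sketched as an added example (not Quintagroup's or Plone's code). The two classes only mirror the method names of PAS extraction and authentication plugins and do not import Zope; the request is a plain dict, and the proxy address, networks and user ids are constructed sample values.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the page.
TRUSTED_PROXIES = ["10.0.0.5/32"]
APPROVED_NETWORKS = {"203.0.113.0/24": "subscriber-a",
                     "2001:db8:10::/48": "subscriber-b"}


class IPExtractionPlugin:
    """Same shape as a PAS extraction plugin: request in, credentials dict out."""

    def __init__(self, trusted_proxies):
        self.trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def extractCredentials(self, request):
        peer = request.get("REMOTE_ADDR", "")
        try:
            peer_ip = ipaddress.ip_address(peer)
        except ValueError:
            return {}
        forwarded = request.get("HTTP_X_FORWARDED_FOR", "")
        # X-Forwarded-For is client-controlled; honour it only when the direct
        # peer is our own reverse proxy, and take the entry that proxy appended.
        if forwarded and any(peer_ip in net for net in self.trusted):
            peer = forwarded.split(",")[-1].strip()
        return {"remote_address": peer}


class IPAuthenticationPlugin:
    """Same shape as a PAS authentication plugin: credentials in, user out."""

    def __init__(self, approved):
        self.approved = [(ipaddress.ip_network(n), u) for n, u in approved.items()]

    def authenticateCredentials(self, credentials):
        try:
            addr = ipaddress.ip_address(credentials.get("remote_address", ""))
        except ValueError:
            return None  # malformed or missing address: leave it to other plugins
        for network, user_id in self.approved:
            if addr in network:
                return (user_id, user_id)  # (user id, login name)
        return None


def login_by_ip(request):
    """Run extraction, then authentication, on one request."""
    credentials = IPExtractionPlugin(TRUSTED_PROXIES).extractCredentials(request)
    return IPAuthenticationPlugin(APPROVED_NETWORKS).authenticateCredentials(credentials)
```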

Most common Plone Authentication projects:

  • authentication of Plone intranet against multiple authentication sources;
  • Idap, Active Directory and/or LDAP Authentication with Plone;
  • support for Active Directory: authentication, access to storage of users, groups and roles, group membership information;
  • Twitter, Facebook, Google+, or other social media based login for Plone website;
  • usage of a certificate instead of a password for authentication;
  • authentication of Plone website against MySQL user database;
  • synchronisation of user details in Plone website from a separate database;
  • implementation of a PAS plugin that allows Plone to work with Microsoft's Windows Integrated Authentication, so that users can log into the Plone website with the credentials used for their PC;
  • management of FacultyStaff authentication;
  • user interface for management of LDAP and Active Directory servers;
  • development of Single Sign-On (SSO) with which users can log in just once to access an ecosystem of applications;
  • implementation of Single Source Authentication, which allows users to log into multiple applications with one set of credentials;
  • authentication in Django and Plone using JaSig CAS;
  • usage of the Google Authenticator app for Plone 4, which enables two-step verification for Plone accounts.

Quintagroup has provided Plone authentication solutions for several projects, satisfying all the clients' demands concerning website authentication. For instance, New Mexico Consortium has several websites and thus required advanced user management. The websites were linked through the user databases within SalesForce, which allowed user creation and profile manipulation both via the SalesForce interface and within the Plone website itself. For one of the websites the following security measure was implemented: only a certain PIN code redirects to the login form; in other cases the user is not able to log in. For the ANZCA project Quintagroup implemented Single Sign-On.
Among the main features of the PolicyTracker website is the connection between the Salesforce Contact record and the Plone website member's profile. When a user becomes a member of the Plone site, his/her profile data (login, password and properties) is copied to an automatically created corresponding SalesForce account, to which the user can log in using the login and password from the Plone site. Any changes in the Salesforce Contact record are copied to the profile data in Plone. For this purpose the Plone default registration form and member's profile were extended with additional member properties (title, job title, company name, contact details, etc.). PolicyTracker also allows automatic login based on IP address. There is no need to remember or enter login name/password information if your IP is in the list of the approved users.
Pluggable Authentication Service (PAS) is used to authenticate users according to their IP address. It keeps a user logged in after a successful authentication (or last site visit) for about a fortnight. This simplifies users' access and speeds up overall site performance. For more information see project cases:

New Mexico Consortium

Australian and New Zealand College of Anaesthetists

PolicyTracker

Interested in more?

Plone authentication implementation needs individual evaluation and greatly depends on the Plone version, authentication backend and database availability. Contact us to receive more information on Plone's authentication and user management, as well as Plone integration with other systems and third-party middleware.