Current ThreatQ Version Filter
Authentication Methods
There are multiple authentication methods you can implement to secure access to the ThreatQ Platform (TQ):
| Method | Description | Reference |
|---|---|---|
| Local Authentication | User accounts are created and maintained manually within the platform. Username, passwords, and permission roles are configured within ThreatQ. Administrators can edit a user's profile including email, password, and permission role in ThreatQ. Local users log in using the local user login method for the ThreatQ platform. |
|
| 2-Step Verification | Adds an extra layer of security by requiring a security code in addition to a login and password. | |
| LDAP Authentication | User accounts are created and authenticated outside of the ThreatQ platform and user roles are mapped from the user's Active Directory. Due to this, user accounts cannot be modified within the ThreatQ platform (User Management page). LDAP users log in using the local user login method for the ThreatQ platform. |
|
| SAML Authentication | User accounts are created and authenticated outside of the ThreatQ platform and user roles are mapped from the user's Active Directory. Due to this, user accounts cannot be modified within the ThreatQ platform (User Management page). SAML does not allow user role mapping for maintenance accounts. SAML users log in using the single sign-on (SSO) login option for the ThreatQ platform. |
|
| SSL Client Certificate Authentication | User accounts are created in the ThreatQ platform. Then, the individual users or Administrative/Maintenance users can add a certificate fingerprint to the user account. These certificate fingerprints are validated agains a certificate file uploaded to ThreatQ. SSL Client Certificate Authentication users will login using the Log in with CAC/PIV Card option. |
Changing Authentication Methods
ThreatQuotient strongly recommends that you perform a full backup before changing your authentication method.
| Current Method | New Method | Details |
|---|---|---|
| Local | SAML | Current ThreatQ accounts will be mapped using the user's email address and users will use SSO to log into the platform. Local Maintenance Accounts will not be mapped in SAML and will continue to use the local login method. See the Configuring SAML topic for details on this setup process. |
| SAML | Local | Contact ThreatQ Support. |
| Local | LDAP | Current ThreatQ accounts will be mapped using the user's email address and users will continue to use the local login method. See the About LDAP Authentication topic for details on this setup process. |
| LDAP | Local | Contact ThreatQ Support. |
| LDAP | SAML | LDAP must be disabled before enabling SAML. No account updates are required if the unique account identifier for LDAP was the user’s email address. The LDAP group that is mapped to the ThreatQ Maintenance role will have to be mapped to different user role as SAML does not allow maintenance account mapping. |
| SAML | LDAP | SAML must be disabled before enabling LDAP. No account updates are required if the unique account identifier for SAML was the user’s email address. |
| SAML or LDAP | SSL Client Certificate Authentication | Contact ThreatQ Support. |
| Local | SSL Client Certificate Authentication | See SSL Client Certificate Authentication. |
| SSL Client Certificate Authentication | Local | See Managing Certificate Files. |