Pass Through Authentication via Active Directory in SailPoint IdentityIQ

In today’s digital age, secure authentication is crucial for organizations of all kinds. Pass Through Authentication (PTA) lets users access resources seamlessly without the need to maintain credentials in on-prem infrastructure: the user’s credentials are validated against the organization’s directory service, such as Active Directory, and are never stored by the application. PTA is commonly used in hybrid environments where organizations want to retain control over authentication while integrating with cloud services. The diagram below depicts the process of Pass Through Authentication via Active Directory in SailPoint IdentityIQ.

Image: Pass Through Authentication via Active Directory

  1. A user requests to log in to an application, in our case SailPoint IdentityIQ.
  2. The application (SailPoint) protects the submitted credentials by encrypting them.
  3. The login configuration is checked and found to be Pass Through Authentication.
  4. The credentials are validated against Active Directory.
  5. After successful validation, the user is logged in.

⦁ Pass Through Authentication ensures the credentials are not stored by the application, reducing the risk of exposure.
⦁ Simplifies user management by validating credentials against a directory system such as Active Directory.
⦁ Provides real-time authentication, ensuring accurate and up-to-date access control.
⦁ Offers a seamless experience, as users can log in to on-prem and cloud-based applications with the same credentials.

Let’s take a closer look at Pass Through Authentication in the video below.

This video gives a detailed demonstration of Pass Through Authentication via Active Directory and discusses related use cases such as AD Birthright Provisioning.