An authentication domain
is a name that facilitates the matching of logins with the servers
for which they are valid.
Note: This matching is not important
when you launch a client, but it is important when you access certain
secondary servers such as a third-party DBMS or, in some configurations,
a standard workspace server.
Each user ID and password
is valid within a specific scope. For example, the user ID and password
that you use to log on to your computer at work are probably not the
same as the user ID and password that you use to log on to a personal
computer at home. It is also common for database servers and Web servers
to have their own authentication mechanisms, which require yet another,
different, user ID and password.
An enterprise application
that provides access to many different resources might require that
a user have several sets of credentials. Each time a user requests
access to a resource, the software must determine which credentials
to use to provide access. The software could challenge the user with
an interactive prompt for user ID and password, but that quickly becomes
an annoyance that interrupts the user experience. The software could
randomly try different credentials until it finds a set that works,
but authentication attempts can be expensive in terms of performance.
In the SAS Intelligence Platform, the software attempts to use only
the credentials that it expects to be valid for a particular resource
or system.
The software’s
knowledge of which credentials are likely to be valid is based entirely
on authentication domain assignments. For this reason, you must correctly
assign an authentication domain to each set of resources that uses
a particular authentication provider, and also assign that same authentication
domain to any stored credentials that are valid for that provider.