User authentication and transfer authorization

What are the user authentication and authorization options available in Aspera?   

Answer:  Aspera has separate authentication and authorization facilities.

Authentication:  User authentication is the process by which a client presents a set of credentials to a service as proof of identity.  The current generation of transfer clients and servers uses the Secure Shell (SSH) service for user authentication.  SSH typically uses operating system user accounts, which can be local to a server system or based on a remote directory service (AD, LDAP).  It is also possible to authenticate users against a remote RDBMS, such as MySQL.

On Linux, the existing SSH service is used.  On Windows, the Aspera Server and Point to Point installers will install the OpenSSH service.  Third-party SSH services can also be used.  User accounts can be authenticated using passwords, SSH keys or keyboard-interactive methods.  All three options are supported.

In Aspera systems, transfer authorization is the process by which a server system allows or denies a user's transfer.  At this point in the process, the user's identity (user name / password or user name / key) is already established.  Aspera supports a few options for transfer authorization:

Default allow / deny: transfer approval/denial is set in aspera.conf.
Token-based authorization: transfers require a valid token.
External authorization: transfers are authorized based on an external SOAP service.

Custom web integrations:
In the case of custom web applications integrated with Aspera, it is recommended to use one system account for all file transfers (OS account), and a separate set of accounts for authentication to the web application and access to the content within the web application.
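
An added example (not from the original article) of how the default deny and token-based options could be combined in aspera.conf for the single transfer account recommended above. The account name xfer and the key value are placeholders, and the element layout is an assumption based on the usual aspera.conf structure, to be checked against the documentation for the installed version.

```xml
<CONF version="2">
  <default>
    <authorization>
      <transfer>
        <!-- Default deny: accounts without their own section cannot transfer -->
        <in><value>deny</value></in>
        <out><value>deny</value></out>
      </transfer>
    </authorization>
  </default>
  <aaa>
    <realms>
      <realm>
        <users>
          <user>
            <!-- Placeholder name for the one OS account shared by the web application -->
            <name>xfer</name>
            <authorization>
              <transfer>
                <!-- Token-based: every upload and download needs a valid token -->
                <in><value>token</value></in>
                <out><value>token</value></out>
              </transfer>
              <token>
                <!-- Placeholder secret, used to validate tokens presented for this account -->
                <encryption_key>REPLACE_WITH_RANDOM_SECRET</encryption_key>
              </token>
            </authorization>
          </user>
        </users>
      </realm>
    </realms>
  </aaa>
</CONF>
```

With this layout the web application authenticates its own users and decides who may access which content, while the server accepts transfers on the shared account only when a valid token accompanies them.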
