Authentication

This is where GLPI manages authentication and user information.

GLPI uses its own internal user database. These users are either created within GLPI itself or imported from one or more external sources. Depending on the source type, the import can be performed in bulk or at login time if the user is not yet known to GLPI but exists on an external authentication server with corresponding credentials.

General authentication configuration and the management of external authentication servers can be performed in the menu Configuration > Authentication.

The assignment of authorizations is described in the documentation User Authorization Assignment Rules.

The authentication process is as follows:

  1. A user enters their username and password into GLPI.

  2. GLPI checks if the user is already registered in its database and, if not:

    1. GLPI tries the configured authentication methods one by one (Internal > LDAP > IMAP > Other).

    2. When authentication succeeds, the user is created in the GLPI database and the authentication method is stored with them.

    3. If no authentication method manages to authenticate the user, an error message indicating that their username or password is incorrect is displayed.

  3. If the user already existed in the GLPI database or was imported in the previous step:

    1. GLPI attempts to authenticate the user using only the last source that successfully authenticated them.

    2. If authentication fails, an error message indicating that their username or password is incorrect is displayed.

  4. The authorization engine is launched with the user's information:

    1. If the engine has granted one or more authorizations to the user, then this user has access to GLPI.

    2. If the user has not been granted any authorizations, then the user will be known to GLPI but will not be able to log in.

In order to use an external authentication source, you may need to enable the relevant PHP extension.

For example, LDAP sources will require the php-ldap extension.

There is no limit to the number of authentication sources that can be configured.

To allow GLPI to automatically create users from external authentication sources upon their login attempt, this must be enabled in the Configuration > Authentication > Configuration form.

When using LDAP directories, the action GLPI takes when a user is no longer present in the LDAP directory can also be configured from this same form.
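
The login sequence described above can be modelled in a few lines. The following is an added illustration, not GLPI source code: the function names, the sample accounts and the "example-profile" authorization are constructed, and refusing the login when automatic creation is disabled is an assumption about the case the steps above do not spell out.

```python
# Added model of the login flow described above; not GLPI source code.
ORDER = ["internal", "ldap", "imap", "other"]  # Internal > LDAP > IMAP > Other
BAD_CREDENTIALS = "username or password incorrect"


def login(name, password, users, sources, rules, auto_create=True):
    """Return (ok, detail).
    users:   name -> source that last authenticated the user (the user table)
    sources: source name -> callable(name, password) -> bool (stand-ins)
    rules:   callable(name) -> list of authorizations (stand-in rules engine)
    """
    if name not in users:
        # Unknown user: try each configured method in the documented order.
        hit = next((s for s in ORDER
                    if s in sources and sources[s](name, password)), None)
        if hit is None:
            return False, BAD_CREDENTIALS
        if not auto_create:
            # Assumption: with automatic creation off, nothing is imported.
            return False, "user not imported"
        users[name] = hit  # create the user and store the method with them
    # Known (or just imported) user: only the stored source is consulted.
    source = users[name]
    if source not in sources or not sources[source](name, password):
        return False, BAD_CREDENTIALS
    if not rules(name):
        return False, "known to GLPI but no authorization"
    return True, source


def directory(accounts):
    """Constructed credential store standing in for a real source."""
    return lambda name, password: accounts.get(name) == password


def demo():
    users = {"alice": "ldap"}  # constructed sample data throughout
    sources = {
        "internal": directory({"alice": "old-local-pw"}),
        "ldap": directory({"alice": "ldap-pw", "bob": "bob-pw", "carol": "carol-pw"}),
    }
    rules = lambda name: ["example-profile"] if name in ("alice", "bob") else []
    attempts = [("alice", "ldap-pw"), ("alice", "old-local-pw"),
                ("bob", "bob-pw"), ("carol", "carol-pw"), ("dave", "x")]
    return [login(n, p, users, sources, rules) for n, p in attempts], users


if __name__ == "__main__":
    print(*demo()[0], sep="\n")
```

In the sample run, alice's second attempt fails even though the internal store would accept that password, because only her stored source (LDAP) is consulted, and carol ends up recorded as a user but is still refused because no authorization was granted.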
