LDAP vs SAML vs Open id Connect vs PIEE authentication

Question

Hi Team, 
 Whether we have any documentation on the difference between all the authentication types as mentioned in the subject of this post. Because, when I have gone through Appian documentation not able to get the difference clearly. Kindly guide me.

PavanSrihari · Answer

Shantanu Bhowmick Based on the use case, we can implement any of these authentication protocols. I'll provide a basic idea of LDAP and SAML, which are the most commonly used authentications in Appian PIEE, OPEN id CONNECT AND SAML all come under SSO setup. For more details, you can follow the link below to get an idea Decoding SSO protocols 
 LDAP (Lightweight Directory Access Protocol): 
 
 Purpose: LDAP is primarily used for accessing and maintaining distributed directory information services over an IP network. 
 Use Case in Appian: Commonly used for authentication and authorization, allowing Appian users to access resources based on their directory credentials. 
 
 SAML (Security Assertion Markup Language): 
 
 Purpose: SAML is an open standard for exchanging authentication and authorization data between parties, specifically between an identity provider and a service provider. 
 Use Case in Appian: Ideal for single sign-on (SSO) scenarios, enabling Appian users to authenticate once and gain access to multiple applications seamlessly.

Megha Ramnani · Answer

Hey there, 
 You're right that the distinctions can be a bit nuanced. Here&rsquo;s a brief overview to help clarify:

LDAP : Direct authentication against your organization's directory (like Active Directory). Appian validates credentials internally via the LDAP server.

SAML : Enables Single Sign-On (SSO) through an identity provider (IdP). Appian trusts the IdP and does not handle credentials directly, just the authentication assertion.

OpenID Connect (OIDC) : Also supports SSO but is based on OAuth 2.0. It allows token-based authentication, typically used with modern IdPs like Azure AD or Google. Useful for mobile or API-based scenarios.

PIEE Authentication : A specific SAML-based method used for integrations with DoD systems, especially in federal projects. It includes compliance with DoD CAC/PIV requirements.

Harsha Sharma · Answer

If you want to understand details about various authentication mechanisms Google search or a conversational AI chatbot search will help better. 
 If briefly explained, LDAP, SAML, OpenID Connect (OIDC), and PIEE authentication serve different purposes in the realm of identity and access management. LDAP is a protocol primarily used for accessing and managing user information in directory services like Active Directory, often within internal networks. SAML is an XML-based standard that enables secure Single Sign-On (SSO) by exchanging authentication data between an identity provider and a service provider, commonly used in enterprise environments. OpenID Connect, built on OAuth 2.0, is a modern, lightweight protocol that uses JSON Web Tokens (JWT) to authenticate users, making it ideal for web and mobile applications. In contrast, PIEE authentication is specific to the U.S. Department of Defense, providing secure access to procurement systems through multi-factor authentication methods like Common Access Cards (CAC) or PKI certificates. While LDAP is more about querying user directories, SAML and OIDC focus on federated authentication, and PIEE is a specialized platform for secure government access. 
 Below documentations inform how Appian allows to configure with different authentication mechanisms. 
 https://docs.appian.com/suite/help/25.2/PIEE_User_Authentication.html 
 https://docs.appian.com/suite/help/25.2/OpenID_Connect_User_Authentication.html 
 https://docs.appian.com/suite/help/25.2/SAML_for_Single_Sign-On.html 
 https://docs.appian.com/suite/help/25.2/Appian_Administration_Console.html#ldap-authentication