Hi Team,
Do we have any documentation on the difference between all the authentication types mentioned in the subject of this post? When I went through the Appian documentation, I was not able to understand the difference clearly. Kindly guide me.
Shantanu Bhowmick Based on the use case, we can implement any of these authentication protocols. I'll provide a basic idea of LDAP and SAML, which are the most commonly used authentications in Appian. PIEE, OpenID Connect and SAML all come under SSO setup. For more details, you can follow the link below to get an idea: Decoding SSO protocols
LDAP (Lightweight Directory Access Protocol):
SAML (Security Assertion Markup Language):
Hey there,
You're right that the distinctions can be a bit nuanced. Here’s a brief overview to help clarify:
LDAP: Direct authentication against your organization's directory (like Active Directory). Appian validates credentials internally via the LDAP server.
SAML: Enables Single Sign-On (SSO) through an identity provider (IdP). Appian trusts the IdP and does not handle credentials directly, just the authentication assertion.
OpenID Connect (OIDC): Also supports SSO but is based on OAuth 2.0. It allows token-based authentication, typically used with modern IdPs like Azure AD or Google. Useful for mobile or API-based scenarios.
PIEE Authentication: A specific SAML-based method used for integrations with DoD systems, especially in federal projects. It includes compliance with DoD CAC/PIV requirements.
If you want to understand details about the various authentication mechanisms, a Google search or a conversational AI chatbot search will help better.
If briefly explained, LDAP, SAML, OpenID Connect (OIDC), and PIEE authentication serve different purposes in the realm of identity and access management. LDAP is a protocol primarily used for accessing and managing user information in directory services like Active Directory, often within internal networks. SAML is an XML-based standard that enables secure Single Sign-On (SSO) by exchanging authentication data between an identity provider and a service provider, commonly used in enterprise environments. OpenID Connect, built on OAuth 2.0, is a modern, lightweight protocol that uses JSON Web Tokens (JWT) to authenticate users, making it ideal for web and mobile applications. In contrast, PIEE authentication is specific to the U.S. Department of Defense, providing secure access to procurement systems through multi-factor authentication methods like Common Access Cards (CAC) or PKI certificates. While LDAP is more about querying user directories, SAML and OIDC focus on federated authentication, and PIEE is a specialized platform for secure government access.
The documentation pages below explain how Appian can be configured with the different authentication mechanisms.
https://docs.appian.com/suite/help/25.2/PIEE_User_Authentication.html
https://docs.appian.com/suite/help/25.2/OpenID_Connect_User_Authentication.html
https://docs.appian.com/suite/help/25.2/SAML_for_Single_Sign-On.html
https://docs.appian.com/suite/help/25.2/Appian_Administration_Console.html#ldap-authentication