strongDM supports three authentication models:
- Delegated authentication
- Native accounts
The most common method of authenticating to strongDM is via delegated authentication.
Authentication is commonly delegated to a Directory (such as Microsoft Active Directory) or Single Sign-On provider (such as Okta or Google).
It is not necessary to delegate authentication but can be convenient to link existing tools with strongDM.
Native accounts are necessary for strongDM administrative users.
Native accounts are also utilized in cases where a Directory or Single Sign-On provider is not available.
The Hybrid authentication model employs a Directory or SSO provider, but also allows the strongDM administrator to create accounts that are not SSO-linked. This can be useful in organizations where contractors or other non-SSO users require access to strongDM.