Hybrid Data Pipeline supports the following advanced authentication functionality.

Integrate multiple authentication services with a single user account

Multiple authentication services can be integrated with a single Hybrid Data Pipeline user account. After the authentication services have been registered, administrators can configure a user account to use the registered services. In the following API request, an administrator associates a number of end users with a user account named odata_users with ID of 18. The internal_user uses the internal authentication mechanism. The other end users use separate authentication services as specified with the authServiceID property.

Note: You can also associate multiple services (and end users) with a user account through the Web UI. When creating or updating a user account, you can associate an external service with the account by clicking + Add Authentication Service under the Authentication Setup tab.
PUT https://MyServer:8443/api/admin/users/18/authinfo
{
  "authUsers": [
    {
      "authUserName": "internal_user",
      "authServiceId": 1
    },
    {
      "authUserName": "odata_user_1",
      "authServiceId": 21
    },
    {
      "authUserName": "odata_user_2",
      "authServiceId": 43
    },
    {
      "authUserName": "odata_user_3",
      "authServiceId": 89
    }
  ]
}

Associate a group of users to a Hybrid Data Pipeline account using a wildcard

A wildcard can be used to associate a group of end users in an external authentication service with a user account. The only supported wildcard is *, which matches any and all names. In the following example, an administrator creates a user account called support_team and uses a wildcard to associate users in an external authentication service with this account.

Important: When a wildcard is used to associate end users with a user account, the Systems Configuration API must be used to implement a delimiter for the username credential as described in the next section.
POST https://MyServer:8443/api/admin/users
{
    "userName": "support_team",
    "statusInfo": {
        "status": 1,
        "accountLocked": false
    },
    "passwordInfo": {
        "passwordStatus": 1,
        "passwordExpiration": "2020-01-01 00:00:00"
    },
    "permissions": {
        "roles": [
            1
        ]
    },
    "authenticationInfo": {
        "authUsers": [
            {
                "authUserName": "internal_user2",
                "authServiceId": 1
            },
            {
                "authUserName": "*",
                "authServiceId": 21
            }
        ]
    }
}

Set a delimiter for the username credential

A delimiter can be specified to require the inclusion of the name of the authentication service, as well as the name of the end user when passing the username credential. A delimiter must be used whenever the wildcard is used to associate names from an external authentication service with a user account. A delimiter should also be required if there is a possibility of naming conflicts among end users from different external authentication services. In the following example, an administrator uses the Systems Configuration API to specify a delimiter.

Note: You can also set a delimiter from the System Configurations view using the Web UI. See System Configurations view for details.
PUT https://MyServer:8443/api/admin/configurations/1
    {
      "value": ":"
    }

With this implementation, the username credential must take the form auth_user_name:auth_service_name (for example, user437:LDAP1).