6.2 Authentication Part 1: Username/Password or OpenID Connect

Traditionally, users authenticate to Retain by entering a username and password.

Figure 6-1 illustrates how Retain processes initial input to the Login dialog.

Figure 6-1 Authentication - Part 1

Table 6-1 Authentication - Part 1

Letter

Explanation

GSuite users who are enabled for access through Google’s OpenID Connect implementation can click the Login with Google button.

They can then authenticate to their GSuite account and Retain recognizes the authentication as valid.

Office 365 users who can access their Office 365 account through Microsoft’s OpenID Connect implementation can click the Login with Office 365 button.

They then authenticate to their Office 365 account and Retain recognizes the authentication as valid.

The user types a username and a password.

Then the user clicks Login.

Retain checks for the username in the User Account List. If the username is found, Retain checks the entered password against the one that is cached for the user.

There are three possible results:

  • User Account found, Password current: In this case the authentication process continues as illustrated in Figure 6-2, Authentication - Part 2.

  • User Account found, Password doesn’t match: In this case Retain requests verification with the back-end messaging system associated with the user account.

    • If the back-end system verifies the username/password, Retain updates the cached password and the request continues in Figure 6-2, Authentication - Part 2.

    • If the verification request fails, the authentication process stops and notifies the user.

  • User Account not found: In this case the authentication process checks the archive’s Address Book.

    • If the user is in the address book, the process accesses the installed modules for back-end messaging system connections.

    • The process connects to relevant back-end messaging systems.

    • When a back-end system verifies the username/password combination, Retain encrypts the password and adds the user to the User Account List. The request then continues the process in Figure 6-2, Authentication - Part 2.

    • If the user is not in the archive’s address book or if no back-end system verifies the username/password, the verification request fails, and the authentication process stops and notifies the user.
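
The three outcomes above can be traced with a small model of the username/password flow. This is an added example, not Retain's code. The class, method and outcome names are assumptions, the back-end is a constructed stub, and PBKDF2 stands in for whatever protection Retain applies to cached passwords.

```python
import hashlib
import hmac
import os

# Illustrative model only: class, method and outcome names are assumptions,
# not Retain's API. PBKDF2 stands in for however Retain protects cached passwords.
def protect(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginModel:
    def __init__(self, address_book, backends):
        self.accounts = {}                # User Account List: user -> (backend, salt, digest)
        self.address_book = address_book  # set of usernames known to the archive
        self.backends = backends          # module name -> verify(user, password) callable

    def _cache(self, user, backend, password):
        self.accounts[user] = (backend, *protect(password))

    def login(self, user, password):
        if user in self.accounts:
            backend, salt, digest = self.accounts[user]
            # Constant-time comparison of the derived value with the cached one.
            if hmac.compare_digest(protect(password, salt)[1], digest):
                return "continue:cache-hit"
            # Cached password does not match: ask the account's own back-end.
            if self.backends[backend](user, password):
                self._cache(user, backend, password)
                return "continue:cache-updated"
            return "stop:notify-user"
        if user not in self.address_book:
            return "stop:notify-user"
        # Unknown account but listed in the address book: try each installed module.
        for name, verify in self.backends.items():
            if verify(user, password):
                self._cache(user, name, password)
                return "continue:account-added"
        return "stop:notify-user"

if __name__ == "__main__":
    directory = {"alice": "old-pass"}     # constructed back-end credential store
    model = LoginModel({"alice"}, {"mail": lambda u, p: directory.get(u) == p})
    for attempt in [("bob", "x"), ("alice", "old-pass"), ("alice", "old-pass")]:
        print(attempt[0], model.login(*attempt))
    directory["alice"] = "new-pass"       # password changed on the back-end
    print("alice", model.login("alice", "new-pass"))
```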