The following sections describe security actions.

Storing Database Passwords

Masking Engine uses encryption and stores all passwords encrypted in the application's repository database.

Authenticating Users

If you choose to use Masking Engine internal authentication, Masking Engine uses encryption and stores passwords for each user encrypted in the Masking Engine relational repository. 

When a user logs in to Masking Engine and enters their username and password, Masking Engine verifies that the user is an active user with Masking Engine, and then authenticates their password.

Optionally, Masking Engine can integrate with external authentication software (Microsoft Active Directory, CA SiteMinder, or LDAP) to authenticate users. If you integrate with external authentication software, Masking Engine will validate that the user has rights to access the application and will log in the user automatically. (No additional Masking Engine password will be required.)

Authorizing Users (Roles)

With the built-in Masking Engine Administrator role, which is similar to a superuser role, the administrator can add roles (Managing Roles Settings) and assign the roles to users. By creating specific roles and assigning them, the administrator can control which users are authorized to perform various tasks (privileges).