Permissions and Access

While external identity providers handle authentication (verifying who users are), Trust Protection Foundation manages all authorization internally. This section covers how to manage permissions, configure access controls, and set security policies for authenticated users.

Understanding the Permission Model

Trust Protection Foundation uses a least-privileged security model where authentication does not automatically grant access to resources. Administrators must explicitly assign permissions to users and groups for specific objects and folders.

See Managing system permissions for an overview of how permissions work, including inheritance, auditing, and troubleshooting tools.

Assigning Permissions

Permissions are assigned at the object level and flow down through the folder hierarchy. Best practices recommend assigning permissions to groups at the folder level rather than to individual users on individual objects.

See Assigning permissions to an object for step-by-step instructions on granting access rights to users and groups.

Session Security

To protect your system from unauthorized access, the web console automatically logs users out after a period of inactivity. You can customize this timeout duration to meet your organization's security policies.

See Configuring web console session timeouts for instructions on setting global session timeout values.

Alternate Authentication Options

In addition to standard username/password authentication and SSO, Trust Protection Foundation supports additional authentication methods including certificate-based authentication, Integrated Windows Authentication, and API-specific authentication modes.

See Alternate authentication and login options for information about certificate authentication, Windows authentication, device authentication, and API performance considerations.