User management and authentication
Convenient contact management and automatic login
BCS supports you in securely and conveniently managing your users and access rights. Use your directory services and rights assignments via the LDAP application protocol. Authenticate yourself conveniently via the Kerberos network protocol, OAuth 2.0/OpenID Connect, SAML, 2-factor authentication using TOTP or passkeys. Thanks to the standardized SCIM interface, users and groups can also be automatically transferred from Microsoft Entra ID or other identity providers to BCS and synchronized – ideal for organizations with high automation requirements or existing OIDC authentication.
User management
As a directory service, BCS can work together with other programs that query user data via the LDAP application protocol. Whether login data for single sign-on or data on groups of people for assigning rights in the file system – the required data can be easily reused.
The reverse is also possible: data stored in other directory services, such as Microsoft Active Directory, can be imported into BCS via the LDAP application protocol. BCS offers various mapping functions for this purpose. Data that has already been imported can also be updated automatically.
SCIM interface: Automate user management
Using the standardized SCIM interface, users and groups can be transferred directly from your identity provider, such as Microsoft Entra ID, to BCS and kept up to date there. Whether existing users or new accounts, management becomes significantly easier, faster, and more consistent.
Organizations that already use OpenID Connect (OIDC) for authentication benefit particularly from the seamless integration—the SCIM interface optimally complements the existing security architecture. Manual user maintenance is largely eliminated, significantly reducing administrative effort and sources of error.
Authentication methods
BCS offers various secure methods for authentication:
- User account with password: The standard method, in which the user name and password are securely managed in BCS.
- LDAP authentication: Enables central management and authentication via LDAP-based directory services.
- Kerberos: A ticket-based network protocol that allows authentication without transferring passwords.
- OAuth 2.0 / OpenID Connect: These modern, token-based protocols provide secure authentication to external services such as Microsoft Entra ID or Keycloak.
- SAML: Supports authentication via external identity providers and enables single sign-on (SSO) for uniform login to multiple systems.
- Two-factor authentication (2FA) using TOTP: This method shares a common secret between the BCS server and smartphone to generate a 6-digit code using a time-based hash. This code is entered in addition to the password during login to secure authentication. Users can activate this option directly in their user account.
Passkeys
In addition to the authentication methods described above, BCS also offers an innovative and secure alternative to traditional password login via passkeys. This passwordless authentication method uses strong cryptographic key pairs based on open standards such as FIDO2 and WebAuthn. Passkeys not only offer the highest level of phishing protection because they are tied to specific domains, but also enable smooth login without entering usernames or passwords. User-friendliness is significantly increased, while at the same time eliminating the administrative effort of password management. With passkeys, you save time, increase security, and make the login process more user-friendly and efficient.
