> For the complete documentation index, see [llms.txt](https://help.tellius.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.tellius.com/6.0/settings/security/authentication.md).

# Authentication

An Authentication Provider validates user credentials and determines who can log in. Depending on the organization’s infrastructure and security policies, you can choose between several authentication methods—Default, LDAP, Azure AD, SAML, and OIDC—to support secure, centralized, and scalable user authentication.

### **Default Authentication**

In this method, users log in with a username and password created directly in Tellius. Best for quick setup or standalone deployments.

Click on **Save** to confirm the default authentication method.

<figure><img src="/files/jiiMoPETDpaT2r1ZOQxQ" alt="" width="563"><figcaption><p>Authentication via default</p></figcaption></figure>

### **LDAP Authentication (Images 2 & 3)**

LDAP (Lightweight Directory Access Protocol) allows Tellius to authenticate users against an enterprise directory service. For more details, check out [this](/6.0/settings/security/authentication/ldap.md) page.

***

#### 3. **Azure AD Authentication**

Use Azure Active Directory for cloud-native, secure authentication.

***

#### 4. **SAML Authentication**

SAML (Security Assertion Markup Language) enables single sign-on via enterprise identity providers.

**Key Fields:**

* **Upload Metadata File**: Upload or browse your IdP's SAML XML metadata.
* **Entity ID**: Identifier for Tellius in SAML assertions.
* **Mappings (Optional)**:
  * **User Name Mapping**: Typically the email address.
  * **First/Last Name Mapping**: User’s name attributes.
* **Default User Role**: Default role assigned to new users logging in via SAML.

***

#### 5. **OIDC Authentication**

OIDC (OpenID Connect) offers a modern, OAuth-based method for authenticating users.

**Required Inputs:**

* **Client ID & Secret**: From your IdP’s OIDC app registration.
* **Discovery Document URI**: Provides configuration metadata (e.g., `https://idp.com/.well-known/openid-configuration`).
* **Redirect URI**: Callback path after successful authentication.
* **Default User Role**: Default permissions for OIDC users.

***

####


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.tellius.com/6.0/settings/security/authentication.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.