# Authentication

An Authentication Provider validates user credentials and determines who can log in. Depending on the organization’s infrastructure and security policies, you can choose between several authentication methods—Default, LDAP, Azure AD, SAML, and OIDC—to support secure, centralized, and scalable user authentication.

### **Default Authentication**

In this method, users log in with a username and password created directly in Tellius. Best for quick setup or standalone deployments.

Click on **Save** to confirm the default authentication method.

<figure><img src="https://content.gitbook.com/content/8GaK1h3pmgbR63x0ftET/blobs/zKg9UUoluG8Jy4qD1fgX/image.png" alt="" width="563"><figcaption><p>Authentication via default</p></figcaption></figure>

### **LDAP Authentication (Images 2 & 3)**

LDAP (Lightweight Directory Access Protocol) allows Tellius to authenticate users against an enterprise directory service. For more details, check out [this](https://help.tellius.com/settings/security/authentication/ldap) page.

***

#### 3. **Azure AD Authentication**

Use Azure Active Directory for cloud-native, secure authentication.

***

#### 4. **SAML Authentication**

SAML (Security Assertion Markup Language) enables single sign-on via enterprise identity providers.

**Key Fields:**

* **Upload Metadata File**: Upload or browse your IdP's SAML XML metadata.
* **Entity ID**: Identifier for Tellius in SAML assertions.
* **Mappings (Optional)**:
  * **User Name Mapping**: Typically the email address.
  * **First/Last Name Mapping**: User’s name attributes.
* **Default User Role**: Default role assigned to new users logging in via SAML.

***

#### 5. **OIDC Authentication**

OIDC (OpenID Connect) offers a modern, OAuth-based method for authenticating users.

**Required Inputs:**

* **Client ID & Secret**: From your IdP’s OIDC app registration.
* **Discovery Document URI**: Provides configuration metadata (e.g., `https://idp.com/.well-known/openid-configuration`).
* **Redirect URI**: Callback path after successful authentication.
* **Default User Role**: Default permissions for OIDC users.

***

####


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.tellius.com/settings/security/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.