User Authentication

Authentication and Access Control

Sonatype Nexus Repository includes a simple user management system and integrations with a number of external authentication sources. You can also manage users that are stored in the internal system via the REST API.

After configuring authentication methods, you can activate or deactivate them through the user interface by activating or deactivating security realms as described in the Realms help topic.

Once authenticated, a user's access to your repositories is controlled via named user profiles, which are assigned roles that have specified privileges. These topics are further explained in our Access Control help section.

Authentication Methods

Authentication Method


Related Internal Documentation

Atlassian Crowd PRO

Atlassian Crowd is a widely used single sign-on and identity management tool; Sonatype Nexus Repository Pro comes with out-of-the-box Atlassian Crowd support.

Atlassian Crowd Support

Lightweight Directory Access Protocol (LDAP)

LDAP allows you to authenticate via external systems providing LDAP support (e.g., Microsoft Exchange/Active Directory, OpenLDAP, ApacheDS, etc.).


Local Authentication

While we strongly recommend a centralized authentication provider such as LDAP, SAML or Crowd, Sonatype Nexus Repository does include support for managing users through both the user interface and REST API.

Local Authentication

Remote User Token (RUT) Authentication

With RUT authentication, a reverse proxy placed in front of Sonatype Nexus Repository supplies the identification for the user as a header.

Authentication via Remote User Token


You can configure your instance to work with a SAML Identity Provider for authentication via Single Sign-On (SSO) and to send user groups to it for authorization. Nexus Repository implements the Web Browser SSO Profile from the SAML 2.0 specification.


User Tokens PRO

For improved security, consider enabling user token support, which allows users to generate a random token pair to use with client tools and avoids storing credentials in local files.

User Tokens

Unauthenticated (Anonymous) Access

Anonymous access is managed through an anonymous user profile. See the Anonymous Access help topic for full information on managing unauthenticated access.