User Authentication
Authentication and Access Control
Sonatype Nexus Repository includes a simple user management system and integrations with a number of external authentication sources. You can also manage users that are stored in the internal system via the REST API.
After configuring authentication methods, you can activate or deactivate them through the user interface by activating or deactivating security realms as described in the Realms help topic.
Once authenticated, a user's access to your repositories is controlled via named user profiles, which are assigned roles that have specified privileges. These topics are further explained in our Access Control help section.
Authentication Methods
| Authentication Method | Description | Related Internal Documentation |
|---|---|---|
Atlassian Crowd PRO | Atlassian Crowd is a widely used single sign-on and identity management tool; Sonatype Nexus Repository Pro comes with out-of-the-box Atlassian Crowd support. | Atlassian Crowd Support |
| Lightweight Directory Access Protocol (LDAP) | LDAP allows you to authenticate via external systems providing LDAP support (e.g., Microsoft Exchange/Active Directory, OpenLDAP, ApacheDS, etc.). | LDAP |
| Local Authentication | While we strongly recommend a centralized authentication provider such as LDAP, SAML or Crowd, Sonatype Nexus Repository does include support for managing users through both the user interface and REST API. | Local Authentication |
| Remote User Token (RUT) Authentication | With RUT authentication, a reverse proxy placed in front of Sonatype Nexus Repository supplies the identification for the user as a header. | Authentication via Remote User Token |
SAML PRO | You can configure your instance to work with a SAML Identity Provider for authentication via Single Sign-On (SSO) and to send user groups to it for authorization. Nexus Repository implements the Web Browser SSO Profile from the SAML 2.0 specification. | SAML |
User Tokens PRO | For improved security, consider enabling user token support, which allows users to generate a random token pair to use with client tools and avoids storing credentials in local files. | User Tokens |
Unauthenticated (Anonymous) Access
Anonymous access is managed through an anonymous user profile. See the Anonymous Access help topic for full information on managing unauthenticated access.