
Authentication

There are two options for authentication on the Palantir platform. Enrollment administrators can integrate an existing identity provider, or you can use Palantir’s self-service passwordless identity provider for AIP Developer Tier and AIP Bootcamp enrollments.

Learn more about logging in to a Palantir enrollment.

Your own identity provider

The Palantir platform can integrate seamlessly with your existing identity provider, allowing full end-to-end access administration and management through your existing system. Review the administration documentation for detailed instructions on how to configure your identity provider for use with the Palantir platform.

Palantir self-service user directory

In some scenarios, your enrollment may be automatically configured with a built-in identity provider. Palantir's self-service user directory is passwordless, leveraging FIDO2 passkeys to offer unparalleled security and a seamless user experience.

If you signed up for a new enrollment with the Palantir self-service user directory, you will receive an email with the subject "Set up your Palantir account and log in" shortly after signing up. After completing the instructions to set up your account, you can invite additional users to your enrollment in Control Panel by navigating to Authentication > Palantir self-service user directory. Then, select Manage users.

We recommend that you configure more than one enrollment administrator so that a backup administrator can assist with account recovery.

What are passkeys?

FIDO2 (Fast IDentity Online) passkeys are a passwordless login method that uses cryptography and a device's built-in security features, such as facial recognition, to verify your identity. A passkey is not the same as a password, and you do not need to remember it or enter it into a login form. Instead, your device verifies your identity using security features such as biometrics and then uses a private cryptographic key to authenticate you, allowing you to log in. Passkeys eliminate the need to remember complex passwords and allow you to sign in with your fingerprint, face scan, security key, or password manager.

How do passkeys work?

A FIDO2 passkey is a physical security key or a platform authenticator, such as a biometric device or a smartphone, that can be used for passwordless authentication. Devices such as smartphones generate a unique pair of public and private keys for each service or application. The public key is registered with the service, and the private key remains securely stored on the device.

When you use a FIDO2 passkey for authentication, the service will send a challenge to your device. The device will sign the challenge using the private key and send the signed response back to the service. The service then verifies the response using the public key to confirm your identity.

Passkeys provide several benefits:

  • Strong security: Public-key cryptography provides a high level of security, and since the private key never leaves the device, it is less vulnerable to attacks.
  • Passwordless authentication: FIDO2 passkeys eliminate the need for passwords, making authentication more convenient and reducing the risk of phishing and other password-related attacks.
  • Privacy: The unique key pairs generated for each service ensure that your authentication information cannot be used to track your activities across different services.
  • Ease of use: Passkeys provide a simple, user-friendly authentication experience that requires only a single action, such as inserting the security key or using a biometric device such as a fingerprint or face scan.
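
The challenge-response exchange and the per-service key pairs described above, as an added Node.js example that is not Palantir's code: a simplified model of a WebAuthn assertion in which the authenticator signs a hash of the service identifier plus a hash of the client data (challenge and origin). The names `createAuthenticator` and `createService` and the `example.test` domain are assumptions, and the real protocol carries more fields (for example a signature counter).

```javascript
// Added illustration: simplified WebAuthn-style assertion, not Palantir code.
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator side: one key pair per service; the private key stays here.
function createAuthenticator() {
  const keys = new Map(); // rpId (service identifier) -> private key
  return {
    register(rpId) {
      const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(rpId, privateKey);
      return publicKey; // only the public key is sent to the service
    },
    // In a browser the origin is filled in by the browser, not by the page or the user.
    sign(rpId, origin, challenge) {
      const privateKey = keys.get(rpId);
      if (!privateKey) return null; // no credential exists for this service
      const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
      const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01])]); // rpIdHash + user-present flag
      const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), privateKey);
      return { clientData, authData, signature };
    },
  };
}

// Service side: stores only the public key and issues single-use challenges.
function createService(rpId, origin) {
  const pending = new Set();
  let publicKey = null;
  return {
    enroll(key) { publicKey = key; },
    issueChallenge() {
      const challenge = crypto.randomBytes(32).toString('hex');
      pending.add(challenge);
      return challenge;
    },
    verify(resp) {
      if (!resp || !publicKey) return 'no-credential';
      const client = JSON.parse(resp.clientData.toString());
      if (!pending.delete(client.challenge)) return 'unknown-or-replayed-challenge';
      if (client.type !== 'webauthn.get' || client.origin !== origin) return 'wrong-origin';
      if (!resp.authData.subarray(0, 32).equals(sha256(rpId))) return 'wrong-rp';
      const signed = Buffer.concat([resp.authData, sha256(resp.clientData)]);
      return crypto.verify('sha256', signed, publicKey, resp.signature) ? 'ok' : 'bad-signature';
    },
  };
}
```

Because the service deletes each challenge on first use and compares the signed origin with its own, a captured response cannot be replayed and a response produced on a look-alike origin is rejected even though the signature itself is valid.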

For detailed instructions on logging in with a passkey, review the login documentation.

