content/docs/security-and-auth/user-authentication-types.html - usergrid - Git at Google



 <!DOCTYPE html>
 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
 <head>
   <meta charset="utf-8">

   <meta name="viewport" content="width=device-width, initial-scale=1.0">

   <title>Authentication levels &mdash; Apache Usergrid 1.0 documentation</title>


     <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />


     <link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
         <link rel="next" title="Changing token expiration (time-to-live)" href="changing-token-time-live-ttl.html"/>
         <link rel="prev" title="Authenticating users &amp; app clients" href="authenticating-users-and-application-clients.html"/>


   <script src="../_static/js/modernizr.min.js"></script>

 </head>

 <body class="wy-body-for-nav" role="document">

   <div class="wy-grid-for-nav">


     <nav data-toggle="wy-nav-shift" class="wy-nav-side">
       <div class="wy-side-nav-search">


           <a href="../index.html" class="icon icon-home"> Apache Usergrid


         </a>


             <div class="version">
               1.0
             </div>


 <div role="search">
   <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
     <input type="text" name="q" placeholder="Search docs" />
     <input type="hidden" name="check_keywords" value="yes" />
     <input type="hidden" name="area" value="default" />
   </form>
 </div>


       </div>

       <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">


               <p class="caption"><span class="caption-text">Getting Started</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/overview.html">Getting Started</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Using Usergrid</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-account.html">Creating a Usergrid Account</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-a-new-application.html">Creating a new application</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-the-api.html">Using the API</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Data Storage</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Data Queries</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters &amp; clauses</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators &amp; data types</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Entity Connections</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Push Notifications</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/overview.html">Push notifications overview</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/adding-push-support.html">Adding push notifications support</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/getting-started.html">Getting started with push notifications</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/tutorial.html">Tutorial: Push notifications sample app</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/registering.html">Registering with a notification service</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-notifiers.html">Creating notifiers</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/managing-users-and-devices.html">Managing users and devices</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-and-managing-notifications.html">Creating and managing notifications</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../push-notifications/troubleshooting.html">Troubleshooting</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Security &amp; Authentication</span></p>
 <ul class="current">
 <li class="toctree-l1"><a class="reference internal" href="app-security.html">Security &amp; token authentication</a></li>
 <li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
 <li class="toctree-l1"><a class="reference internal" href="using-roles.html">Using roles</a></li>
 <li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users &amp; app clients</a></li>
 <li class="toctree-l1 current"><a class="current reference internal" href="">Authentication levels</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="#configuring-authentication-levels">Configuring authentication levels</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#user-authentication-level">User authentication level</a></li>
 <li class="toctree-l2"><a class="reference internal" href="#admin-authentication-levels">Admin authentication levels</a></li>
 </ul>
 </li>
 <li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
 <li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
 <li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
 </ul>
 <p class="caption"><span class="caption-text">User Management &amp; Social Graph</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management &amp; social graph</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Geo-location</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Assets &amp; Files</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../assets-and-files/uploading-assets.html">Uploading assets</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../assets-and-files/retrieving-assets.html">Retrieving assets</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../assets-and-files/folders.html">Folders</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Counters &amp; Events</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters &amp; events</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating &amp; incrementing counters</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Organizations &amp; Applications</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization &amp; application management</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/admin-user.html">Admin user</a></li>
 </ul>
 <p class="caption"><span class="caption-text">API Reference</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#sub-types">Sub-Types</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Client SDKs</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
 </ul>
 <p class="caption"><span class="caption-text">Installing Usergrid</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../installation/deployment-guide.html">Usergrid 2.1.0 Deployment Guide</a></li>
 </ul>
 <p class="caption"><span class="caption-text">More about Usergrid</span></p>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations &amp; Videos</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code &amp; Docs</a></li>
 </ul>


       </div>
       &nbsp;
     </nav>

     <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">


       <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
         <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
         <a href="../index.html">Apache Usergrid</a>
       </nav>


       <div class="wy-nav-content">
         <div class="rst-content">
           <div role="navigation" aria-label="breadcrumbs navigation">
   <ul class="wy-breadcrumbs">
     <li><a href="../index.html">Docs</a> &raquo;</li>

     <li>Authentication levels</li>
       <li class="wy-breadcrumbs-aside">


             <a href="../_sources/security-and-auth/user-authentication-types.txt" rel="nofollow"> View page source</a>


       </li>
   </ul>
   <hr/>
 </div>
           <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
            <div itemprop="articleBody">

   <div class="section" id="authentication-levels">
 <h1>Authentication levels<a class="headerlink" href="#authentication-levels" title="Permalink to this headline">¶</a></h1>
 <p>Usergrid supports four levels of authentication, but only one of them is
 used when checking a registered user&#8217;s permissions. The other three
 levels are useful for authenticating other application or web clients
 that require higher-level access to your Usergrid application or
 organization. Because the scope of access that the other authentication
 levels provide is so broad (and as a result, so powerful), it&#8217;s a bad
 practice to use them from a mobile app. Instead, they&#8217;re better suited
 to other client apps, such as web applications.</p>
 <div class="section" id="configuring-authentication-levels">
 <h2>Configuring authentication levels<a class="headerlink" href="#configuring-authentication-levels" title="Permalink to this headline">¶</a></h2>
 <p>Access permissions can only be configured for the &#8216;application user&#8217; –
 this can be done both programmatically and in the admin portal. The
 application, organization and admin clients cannot be configured, and
 can only be accessed programmatically via the API.</p>
 <p>For more about creating and managing roles and permissions for
 application users, see <a class="reference external" href="security-and-auth/using-permissions.html">Using
 Permissions</a> and <a class="reference external" href="security-and-auth/using-roles.html">Using
 Roles</a>. For a look at how
 security features fit together, see <a class="reference external" href="../security-and-auth/app-security.html">App Security
 Overview</a>.</p>
 </div>
 <div class="section" id="user-authentication-level">
 <h2>User authentication level<a class="headerlink" href="#user-authentication-level" title="Permalink to this headline">¶</a></h2>
 <table class="usergrid-table">
 <tr>
     <th><p>Authentication Level</p>
 </th>
     <th><p>Description</p>
 </th>
 </tr>
 <tr>
     <td><p>Application user</p>
 </td>
     <td><p>This is the standard authentication type you will use to implement user
 login for your app. The application user level allows access to your
 Usergrid application as governed by the permission rules you create and
 associated with users and user groups. For more on setting permissions
 see <a class="reference external" href="security-and-auth/using-permissions.html">Using Permissions</a>.
 Each Application User is represented by a User entity in your Usergrid
 application. For more about the User entity, see User.</p>
 </td>
 </tr>
 </table></div>
 <div class="section" id="admin-authentication-levels">
 <h2>Admin authentication levels<a class="headerlink" href="#admin-authentication-levels" title="Permalink to this headline">¶</a></h2>
 <div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p>
   </p> <p class="last">


 Warning: Safe use of admin authentication levels. Never use client ID<p>and client secret, or any hard-coded credentials to authenticate this
 way from a client-side app, such as a mobile app. A hacker could analyze
 your app and extract the credentials for malicious use even if those
 credentials are compiled and in binary format. Even when authenticating
 with username and password, be cautious when using these authentication
 levels since they grant broad access to your Usergrid account. See
 <a class="reference external" href="../security-and-auth/securing-your-app.html">Security Best
 Practices</a> for
 additional considerations in keeping access to your app and its data
 secure.</p>
 </p></div>

 <table class="usergrid-table">
 <tr>
     <th><p>Authentication Level</p>
 </th>
     <th><p>Description</p>
 </th>
 </tr>
 <tr>
    <td><p>Application client</p>
 </td>
    <td><p>Grants full access to perform any operation on an Usergrid application
 (but not other applications within the same organization).</p>
 <p><p>Authentication at this level is useful in a server-side application (not
 a mobile app) that needs access to resources through the Usergrid API.
 For example, imagine you created a website that lists every hiking trail
 in the Rocky Mountains. You would want anyone to be able to view the
 content, but would not want them to access the Usergrid API and all your
 data directly. Instead, you would authenticate as an application client
 in your server-side code to access the data via the API in order to
 serve it to your website&#8217;s visitors.</p>
 </p></td>
 </tr>
 <tr>
    <td><p>Organization client</p>
 </td>
    <td><p>Grants full access to perform any operation on an Usergrid organization.</p>
 <p><p>This authentication level provides the greatest amount of access to an
 individual organization, allowing a client to perform any operation on
 an Usergrid organization and any applications in that organization. This
 level of access should be used sparingly and carefully.</p>
 </p></td>
 </tr>
 <tr>
    <td><p>Admin user</p>
 </td>
    <td><p>Allows full access to perform any operation on all organization accounts
 of which the admin user is a member.</p>
 <p><p>This authentication level is useful from applications that provide
 organization-wide administration features. For example, the Usergrid
 admin portal uses this level of access because it requires full access
 to the administration features.</p>
 </p><p>Unless you have a specific need for administrative features, such as to
 run test scripts that require access to management functionality, you
 should not use the admin user authentication level.</p>
 </td>
 </tr>
 </table></div>
 </div>


            </div>
           </div>
           <footer>

     <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

         <a href="changing-token-time-live-ttl.html" class="btn btn-neutral float-right" title="Changing token expiration (time-to-live)" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>


         <a href="authenticating-users-and-application-clients.html" class="btn btn-neutral" title="Authenticating users &amp; app clients" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>

     </div>


   <hr/>

   <div role="contentinfo">
     <p>
         &copy; Copyright 2013-2015, Apache Usergrid.

     </p>
   </div>
   Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.

 </footer>

         </div>
       </div>

     </section>

   </div>


     <script type="text/javascript">
         var DOCUMENTATION_OPTIONS = {
             URL_ROOT:'../',
             VERSION:'1.0',
             COLLAPSE_INDEX:false,
             FILE_SUFFIX:'.html',
             HAS_SOURCE:  true
         };
     </script>
       <script type="text/javascript" src="../_static/jquery.js"></script>
       <script type="text/javascript" src="../_static/underscore.js"></script>
       <script type="text/javascript" src="../_static/doctools.js"></script>


     <script type="text/javascript" src="../_static/js/theme.js"></script>


   <script type="text/javascript">
       jQuery(function () {
           SphinxRtdTheme.StickyNav.enable();
       });
   </script>


 </body>
 </html>


	<!DOCTYPE html>
	<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
	<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
	<head>
	<meta charset="utf-8">

	<meta name="viewport" content="width=device-width, initial-scale=1.0">

	<title>Authentication levels — Apache Usergrid 1.0 documentation</title>















	<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />





	<link rel="top" title="Apache Usergrid 1.0 documentation" href="../index.html"/>
	<link rel="next" title="Changing token expiration (time-to-live)" href="changing-token-time-live-ttl.html"/>
	<link rel="prev" title="Authenticating users & app clients" href="authenticating-users-and-application-clients.html"/>


	<script src="../_static/js/modernizr.min.js"></script>

	</head>

	<body class="wy-body-for-nav" role="document">

	<div class="wy-grid-for-nav">


	<nav data-toggle="wy-nav-shift" class="wy-nav-side">
	<div class="wy-side-nav-search">



	<a href="../index.html" class="icon icon-home"> Apache Usergrid



	</a>




	<div class="version">
	1.0
	</div>




	<div role="search">
	<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
	<input type="text" name="q" placeholder="Search docs" />
	<input type="hidden" name="check_keywords" value="yes" />
	<input type="hidden" name="area" value="default" />
	</form>
	</div>


	</div>

	<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">



	<p class="caption"><span class="caption-text">Getting Started</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/overview.html">Getting Started</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/usergrid-features.html">Usergrid Features</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/data-model.html">Usergrid Data model</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../introduction/async-vs-sync.html">Async vs. sync calls</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Using Usergrid</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-account.html">Creating a Usergrid Account</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/creating-a-new-application.html">Creating a new application</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-a-sandbox-app.html">Using a Sandbox Application</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../using-usergrid/using-the-api.html">Using the API</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Data Storage</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/data-store-dbms.html">The Usergrid Data Store</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/optimizing-access.html">Data Store Best Practices</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/collections.html">Collections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-storage/entities.html">Entities</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Data Queries</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/querying-your-data.html">Querying your data</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/query-parameters.html">Query parameters & clauses</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/operators-and-types.html">Query operators & data types</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../data-queries/advanced-query-usage.html">Advanced query usage</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Entity Connections</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../entity-connections/connecting-entities.html">Connecting entities</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../entity-connections/retrieving-entities.html">Retrieving connections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../entity-connections/disconnecting-entities.html">Disconnecting entities</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Push Notifications</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/overview.html">Push notifications overview</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/adding-push-support.html">Adding push notifications support</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/getting-started.html">Getting started with push notifications</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/tutorial.html">Tutorial: Push notifications sample app</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/registering.html">Registering with a notification service</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-notifiers.html">Creating notifiers</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/managing-users-and-devices.html">Managing users and devices</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/creating-and-managing-notifications.html">Creating and managing notifications</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../push-notifications/troubleshooting.html">Troubleshooting</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Security & Authentication</span></p>
	<ul class="current">
	<li class="toctree-l1"><a class="reference internal" href="app-security.html">Security & token authentication</a></li>
	<li class="toctree-l1"><a class="reference internal" href="using-permissions.html">Using permissions</a></li>
	<li class="toctree-l1"><a class="reference internal" href="using-roles.html">Using roles</a></li>
	<li class="toctree-l1"><a class="reference internal" href="authenticating-users-and-application-clients.html">Authenticating users & app clients</a></li>
	<li class="toctree-l1 current"><a class="current reference internal" href="">Authentication levels</a><ul>
	<li class="toctree-l2"><a class="reference internal" href="#configuring-authentication-levels">Configuring authentication levels</a></li>
	<li class="toctree-l2"><a class="reference internal" href="#user-authentication-level">User authentication level</a></li>
	<li class="toctree-l2"><a class="reference internal" href="#admin-authentication-levels">Admin authentication levels</a></li>
	</ul>
	</li>
	<li class="toctree-l1"><a class="reference internal" href="changing-token-time-live-ttl.html">Changing token expiration (time-to-live)</a></li>
	<li class="toctree-l1"><a class="reference internal" href="authenticating-api-requests.html">Authenticating API requests</a></li>
	<li class="toctree-l1"><a class="reference internal" href="revoking-tokens-logout.html">Revoking tokens (logout)</a></li>
	<li class="toctree-l1"><a class="reference internal" href="facebook-sign.html">Facebook sign in</a></li>
	<li class="toctree-l1"><a class="reference internal" href="securing-your-app.html">Security best practices</a></li>
	</ul>
	<p class="caption"><span class="caption-text">User Management & Social Graph</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/user-management.html">User management & social graph</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/working-user-data.html">Working with User Data</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/group.html">Working with group data</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/activity.html">Activity</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html">Social Graph Connections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/user-connections.html#creating-other-connections">Creating other connections</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../user-management/messagee-example.html">App Example - Messagee</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Geo-location</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../geolocation/geolocation.html">Geolocating your Entities</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Assets & Files</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/uploading-assets.html">Uploading assets</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/retrieving-assets.html">Retrieving assets</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../assets-and-files/folders.html">Folders</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Counters & Events</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/events-and-counters.html">Counters & events</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html">Creating & incrementing counters</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#decrementing-resetting-counters">Decrementing/resetting counters</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/creating-and-incrementing-counters.html#using-counters-hierarchically">Using counters hierarchically</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../counters-and-events/retrieving-counters.html">Retrieving counters</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Organizations & Applications</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/managing.html">Organization & application management</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/organization.html">Organization</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/application.html">Application</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../orgs-and-apps/admin-user.html">Admin user</a></li>
	</ul>
	<p class="caption"><span class="caption-text">API Reference</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html">Methods</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#models">Models</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../rest-endpoints/api-docs.html#sub-types">Sub-Types</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Client SDKs</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../sdks/tbd.html">COMING SOON...</a></li>
	</ul>
	<p class="caption"><span class="caption-text">Installing Usergrid</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../installation/deployment-guide.html">Usergrid 2.1.0 Deployment Guide</a></li>
	</ul>
	<p class="caption"><span class="caption-text">More about Usergrid</span></p>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../reference/presos-and-videos.html">Presentations & Videos</a></li>
	<li class="toctree-l1"><a class="reference internal" href="../reference/contribute-code.html">How to Contribute Code & Docs</a></li>
	</ul>



	</div>

	</nav>

	<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">


	<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
	<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
	<a href="../index.html">Apache Usergrid</a>
	</nav>



	<div class="wy-nav-content">
	<div class="rst-content">
	<div role="navigation" aria-label="breadcrumbs navigation">
	<ul class="wy-breadcrumbs">
	<li><a href="../index.html">Docs</a> »</li>

	<li>Authentication levels</li>
	<li class="wy-breadcrumbs-aside">


	<a href="../_sources/security-and-auth/user-authentication-types.txt" rel="nofollow"> View page source</a>


	</li>
	</ul>
	<hr/>
	</div>
	<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
	<div itemprop="articleBody">

	<div class="section" id="authentication-levels">
	<h1>Authentication levels<a class="headerlink" href="#authentication-levels" title="Permalink to this headline">¶</a></h1>
	<p>Usergrid supports four levels of authentication, but only one of them is
	used when checking a registered user’s permissions. The other three
	levels are useful for authenticating other application or web clients
	that require higher-level access to your Usergrid application or
	organization. Because the scope of access that the other authentication
	levels provide is so broad (and as a result, so powerful), it’s a bad
	practice to use them from a mobile app. Instead, they’re better suited
	to other client apps, such as web applications.</p>
	<div class="section" id="configuring-authentication-levels">
	<h2>Configuring authentication levels<a class="headerlink" href="#configuring-authentication-levels" title="Permalink to this headline">¶</a></h2>
	<p>Access permissions can only be configured for the ‘application user’ –
	this can be done both programmatically and in the admin portal. The
	application, organization and admin clients cannot be configured, and
	can only be accessed programmatically via the API.</p>
	<p>For more about creating and managing roles and permissions for
	application users, see <a class="reference external" href="security-and-auth/using-permissions.html">Using
	Permissions</a> and <a class="reference external" href="security-and-auth/using-roles.html">Using
	Roles</a>. For a look at how
	security features fit together, see <a class="reference external" href="../security-and-auth/app-security.html">App Security
	Overview</a>.</p>
	</div>
	<div class="section" id="user-authentication-level">
	<h2>User authentication level<a class="headerlink" href="#user-authentication-level" title="Permalink to this headline">¶</a></h2>
	<table class="usergrid-table">
	<tr>
	<th><p>Authentication Level</p>
	</th>
	<th><p>Description</p>
	</th>
	</tr>
	<tr>
	<td><p>Application user</p>
	</td>
	<td><p>This is the standard authentication type you will use to implement user
	login for your app. The application user level allows access to your
	Usergrid application as governed by the permission rules you create and
	associated with users and user groups. For more on setting permissions
	see <a class="reference external" href="security-and-auth/using-permissions.html">Using Permissions</a>.
	Each Application User is represented by a User entity in your Usergrid
	application. For more about the User entity, see User.</p>
	</td>
	</tr>
	</table></div>
	<div class="section" id="admin-authentication-levels">
	<h2>Admin authentication levels<a class="headerlink" href="#admin-authentication-levels" title="Permalink to this headline">¶</a></h2>
	<div class="admonition warning"> <p class="first admonition-title"><p>WARNING</p>
	</p> <p class="last">


	Warning: Safe use of admin authentication levels. Never use client ID<p>and client secret, or any hard-coded credentials to authenticate this
	way from a client-side app, such as a mobile app. A hacker could analyze
	your app and extract the credentials for malicious use even if those
	credentials are compiled and in binary format. Even when authenticating
	with username and password, be cautious when using these authentication
	levels since they grant broad access to your Usergrid account. See
	<a class="reference external" href="../security-and-auth/securing-your-app.html">Security Best
	Practices</a> for
	additional considerations in keeping access to your app and its data
	secure.</p>
	</p></div>

	<table class="usergrid-table">
	<tr>
	<th><p>Authentication Level</p>
	</th>
	<th><p>Description</p>
	</th>
	</tr>
	<tr>
	<td><p>Application client</p>
	</td>
	<td><p>Grants full access to perform any operation on an Usergrid application
	(but not other applications within the same organization).</p>
	<p><p>Authentication at this level is useful in a server-side application (not
	a mobile app) that needs access to resources through the Usergrid API.
	For example, imagine you created a website that lists every hiking trail
	in the Rocky Mountains. You would want anyone to be able to view the
	content, but would not want them to access the Usergrid API and all your
	data directly. Instead, you would authenticate as an application client
	in your server-side code to access the data via the API in order to
	serve it to your website’s visitors.</p>
	</p></td>
	</tr>
	<tr>
	<td><p>Organization client</p>
	</td>
	<td><p>Grants full access to perform any operation on an Usergrid organization.</p>
	<p><p>This authentication level provides the greatest amount of access to an
	individual organization, allowing a client to perform any operation on
	an Usergrid organization and any applications in that organization. This
	level of access should be used sparingly and carefully.</p>
	</p></td>
	</tr>
	<tr>
	<td><p>Admin user</p>
	</td>
	<td><p>Allows full access to perform any operation on all organization accounts
	of which the admin user is a member.</p>
	<p><p>This authentication level is useful from applications that provide
	organization-wide administration features. For example, the Usergrid
	admin portal uses this level of access because it requires full access
	to the administration features.</p>
	</p><p>Unless you have a specific need for administrative features, such as to
	run test scripts that require access to management functionality, you
	should not use the admin user authentication level.</p>
	</td>
	</tr>
	</table></div>
	</div>


	</div>
	</div>
	<footer>

	<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

	<a href="changing-token-time-live-ttl.html" class="btn btn-neutral float-right" title="Changing token expiration (time-to-live)" accesskey="n">Next <span class="fa fa-arrow-circle-right"></span></a>


	<a href="authenticating-users-and-application-clients.html" class="btn btn-neutral" title="Authenticating users & app clients" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a>

	</div>


	<hr/>

	<div role="contentinfo">
	<p>
	© Copyright 2013-2015, Apache Usergrid.

	</p>
	</div>
	Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.

	</footer>

	</div>
	</div>

	</section>

	</div>





	<script type="text/javascript">
	var DOCUMENTATION_OPTIONS = {
	URL_ROOT:'../',
	VERSION:'1.0',
	COLLAPSE_INDEX:false,
	FILE_SUFFIX:'.html',
	HAS_SOURCE: true
	};
	</script>
	<script type="text/javascript" src="../_static/jquery.js"></script>
	<script type="text/javascript" src="../_static/underscore.js"></script>
	<script type="text/javascript" src="../_static/doctools.js"></script>





	<script type="text/javascript" src="../_static/js/theme.js"></script>




	<script type="text/javascript">
	jQuery(function () {
	SphinxRtdTheme.StickyNav.enable();
	});
	</script>


	</body>
	</html>