User authentication

By default, user credentials are stored in Neptune DXP - Open Edition using bcrypt. There are a number of password policies that can be configured, for example, the minimum password length or time-based expiration, which is useful for smaller organizations.

For large organizations, Neptune DXP - Open Edition supports multiple user security and authentication methods, as listed below.


Neptune DXP - Open Edition does not store any passwords if an external authentication source is used. If you are using an external system, it should have SSL enabled and preferably not be a public-facing service. Note that the connection made to the system is done by Neptune DXP - Open Edition, not the client.

Anonymous login

The anonymous authentication provider allows users to log in to your application without providing credentials. Each time someone authenticates anonymously, the provider generates a new anonymous user object for that session.

  • Launchpad: You enable anonymous access to the launchpad in the Launchpad.

  • App Designer: You enable anonymous access to the App Designer in the App Designer.

X.509 certificate

Neptune DXP - Open Edition works like a cloud connector to generate X.509 certificates, which can be used, for example, by SAPs STRUST to generate identity authentication on SAP cloud or SAP on-premise devices.

Read more on how to generate certificates.


Large organizations sometimes use LDAP (Lightweight Directory Access Protocol) as external authentication service, which can be used with Neptune DXP - Open Edition as well. When a user logs in with LDAP, Neptune DXP - Open Edition queries the LDAP server. If the user is found, Neptune DXP - Open Edition logs the user in and adds the groups to the user returned from LDAP, if any.

Read more on how to configure an LDAP connection with Neptune DXP - Open Edition in System Settings.


Most organizations already know the identity of their users because they are logged in to their active directory domain or intranet. This information can be used to log users into other web-based applications, such as SAML.

SAML (Security Assertion Markup Language) is a standard authentication process for logging users into applications based on their sessions in another context. Neptune DXP - Open Edition supports SAML authentication and authorization.

Read more on how to configure SAML connection in System Settings.

Self registration

Self-registration is the process of allowing users to create their own account. Neptune DXP - Open Edition supports this process. Read more on how to configure self-registration in the launchpad settings.

Local user

Sometimes an organization wants to generate role-based local users to access the Cockpit, a launchpad, or other applications. You can create local users and assign roles to them, enabling them to maintain the user management themselves.

Roles define what a user has access to. A role can be assigned directly to a user or a group of users. The most permissive role always wins. For example, if a user is part of two groups and one group has only read access to an operation, but the second group has write access, then the user has write access, too.

Read more on how to add a local user in User.

Microsoft Entra ID

Microsoft Entra ID is one of the most popular authentication methods. Neptune DXP - Open Edition supports this.

Read more on how to set up Microsoft Entra ID Bearer authentication in System Settings.