TaskControl uses several authentication methods depending on the technical implementation.
Authentication methods cannot be combined.
OIDC protocol implemented by Microsoft Azure Active Directory is the most common way to authenticate a user to TaskControl. The authentication process is fully in control of Microsoft Azure. The Azure AD user creates confirmation ticket that is securely redirected to TaskControl verifying user identity (unique ID correspoinding to Azure AD identifier). If the user account is configured for multi-factor authentication, the second factor is used as well.
OIDC authentication can be deployed in Azure or on-premise TaskControl implementation.
Users can work with enterprise Azure AD accounts or Microsoft public accounts (@hotmail.com, @live.com, @outlook.com etc.) if allowed during implementation.
OpenIDConnect implementation from other providers can be considered but is not implemented at this moment.
For on-premise deployment of TaskControl in own customer datacenter with MS Active Directory, it is most common to use single-sign on method. The internet browser provides secured Windows Authentication using kerberos ticekt from operating system and the user is authenticated from Windows login account.
Windows authentication is typically used with Active Directory structure where web server with TaskControl is part of an AD domain as well as the client computers accessing TaskControl website. It is possible in special circumstances to create local account on the webserver with same user and password combination as on the local computer.
TaskControl can be deployed with local users storing password in TaskControl database. This implementation is not recommneded due to lower level of security.