The Identity Server facilitates authentication for all Access Manager components. This authentication is shared with internal or external service providers on behalf of the user by means of assertions. Access Manager supports a number of authentication methods, such as name/password, RADIUS token-based authentication, X.509 digital certificates, Kerberos, Risk-based authentication, Time-Based One-Time Password (TOTP), Social authentication, and OpenID Connect. You specify authentication methods in the contracts that you want to make available to the other components of Access Manager, such as Access Gateway.
User data is stored in user stores. User stores are LDAP directory servers to which end users authenticate. You can configure a user store with more than one replica to provide load balancing and failover capability.