Authentication methods overview
Active Directory authentication
When a site uses Active Directory (or "AD") authentication, once a user is logged into their organisation's network, they are automatically logged in to the intranet. They do not need to enter a separate site login.
However, if a user is outside the organisation's network (e.g. a staff member working from home) they must use a VPN to access the network.
With AD authentication users are not created or deleted within the site; this is all managed via AD. Generally an organisation's IT Team are responsible for adding or deleting users in AD and managing AD passwords and password resets.
As AD authentication effectively prevents staff from accessing their intranet via a mobile or outside the office network, SMLWRLD do not support this method.
ADFS and Azure AD authentication
For Active Directory Federation Services (or "ADFS") and Azure AD, just the same as AD Authentication, once a user is logged into their organisation's network, they are automatically logged in to the intranet. They do not need to enter a separate site login.
However, if a user is outside the organisation's network (e.g. a staff member working from home) they can easily login to the site via their browser using their AD details.
Like AD Authentication, users are not created within the site and are managed via the organisation's AD. However, for ADFS users must still be deleted from the site manually. This should be included in an organisation's process for managing staff leavers.
With native authentication users' login details are managed within the site; user names and encrypted passwords are stored in the site database. To access the site, users have to enter a username (normally an email address) and password into the site's login page.
Administrators are responsible for adding and deleting users and resetting users' passwords.
If an intranet has a lot of external users (such as suppliers and external agencies) then native authentication may be the best method.