This section includes some bits of information we've collected that will eventually be moved into some sort of Administrative Guide.

Rock uses a pluggable services (MEF) for authentication. Currently there are working services for Database, Active Directory, and Facebook. By default, only the Database service is active but you can activate the others by going to Administration > General Settings > Authentication Services.

Active Directory requires a domain and server name. Here's what our values are to give you an example:

Domain: ccvonline.com
Server: ccvds1.ccvonline.com

Facebook requires an App Id and Secret Id.

There are two types of authentication services, internal and external. Internal services would authenticate a user by evaluating the login username and password entered in the login page (Database, Active Directory), and external services would authenticate a user by redirecting them to an external site (i.e. Facebook, Twitter, etc). Because of this there are two new fields on the UserLogin table: ServiceType (0 = internal, 1 = external) and ServiceName (the class name of the MEF service used to authenticate user).

Note: There is also a new plugin to the Rock quarry for authenticating Arena logins. This can be installed using our Plugins functionality and it adds an additional authentication service for authenticating a user with an Arena encrypted password. To use this, you would need to import/sync Arena logins into Rock, and set the ServiceType to 0, and ServiceName to Rock.Org.SparkDevNet.Authentication.Arena. Then when one of these users logs in, the service is able to authenticate them with the Arena password. Optionally it can also be configured to convert a user record to use the default Rock database service the first time a user logs in.