An Inbound Security module is used to authenticate requests as they arrive. This includes any incoming FHIR requests, administrative commands on the JSON Admin API, and users logging into the Web Admin Console and the OpenID Connect login identity server.
Various modules may depend on an Inbound Security module, and you can choose an appropriate type of Inbound Security module depending on your requirements. For example, the Local Inbound Security module stores credentials in a local table inside Smile CDR's own database. Other module types can store credentials in other places.
Whether or not authentication credentials are being stored in Smile CDR's database, a local entry in Smile CDR's user table is always created for any user accessing the system. This is done in order to tie requests to audit log entries, etc.
The Inbound Security module is responsible for accepting incoming credentials and validating them, as well as assigning a set of permissions to the user (or their current session).
The Roles and Permissions page has information about the various permissions that can potentially be granted. The mechanism for granting them varies depending on the type of security module.
A callback script may be executed during the authentication process in order to add additional functionality (e.g. by adding user attributes by querying an existing system or by modifying the user permissions assigned to the session).
See onAuthenticateSuccess for information on how to configure this.