# Authentication

Chamilo supports multiple authentication methods, from the built-in username/password system to enterprise single sign-on solutions. This section covers how to configure external authentication providers.

* [**OAuth2**](https://docs.chamilo.org/2.x/administration-guide/admin-guide/authentication/oauth2) — Azure AD, Keycloak, Facebook, and generic OAuth2 providers
* [**LDAP**](https://docs.chamilo.org/2.x/administration-guide/admin-guide/authentication/ldap) — Authenticate against an LDAP or Active Directory server
* [**CAS**](https://docs.chamilo.org/2.x/administration-guide/admin-guide/authentication/cas) — Central Authentication Service
* [**SCIM**](https://docs.chamilo.org/2.x/administration-guide/admin-guide/authentication/scim) — Automatic user provisioning from external identity providers
* [**SSO Configuration**](https://docs.chamilo.org/2.x/administration-guide/admin-guide/authentication/sso-configuration) — General single sign-on settings and troubleshooting

## Default Authentication

By default, Chamilo uses its own internal authentication system. Users log in with a username and password stored in the Chamilo database.

## External Authentication

When you configure an external provider, Chamilo delegates the login process to that provider. The benefits include:

* **Single sign-on** — Users log in once and access Chamilo without entering a separate password
* **Centralized user management** — User accounts are managed in your organization's identity system
* **Security** — Password policies and multi-factor authentication are handled by the identity provider

You can enable multiple authentication methods simultaneously. Users will see buttons for each configured provider on the login page alongside the standard login form.