CAM Authentication and Authorization

Authentication is the process of confirming a user's identity via the user's login credentials. Authorization gives access to systems based on that confirmed identity.


The authentication process at your site will take one of two forms:

  • CAM authentication: Used in sites where Cherwell Asset Management (CAM) is installed on-premises as a standalone product. In some situations where both CAM and Cherwell Service Management (CSM) are installed on-premises, you may choose to configure authentication separately in each product and thus use CAM authentication in Cherwell Asset Management. In this configuration, authentication is managed by CAM, which uses your Windows login to authenticate. This was the only authentication method available in pre-12.0 versions.
  • CSM authentication: Used in all hosted installations of CAM (which also include CSM), and available in on-premises installations that include both CAM and CSM. Authentication is managed by CSM; CAM makes use of CSM services during some processes.

There may be cases where your site changes authentication methods.


  • You can evaluate CAM in an on-premises installation and then migrate to a hosted installation. In this case, the change happens as part of provisioning and you don't need to take action.
  • You have an on-premises installation, which uses CAM authentication by default, and you want to instead use CSM authentication. In this case, see Checklist for Using CSM Authentication and How to change the authentication method for the procedures to follow.


The authentication method used at your site dictates how users are authorized to use CAM.

  • In sites that use CAM authentication, access to all, or certain features of, CAM is controlled by means of user policies in CAM Administrator and access profiles in Purchasing. With CAM authentication, users of each application (CAM and CSM) are separate.
  • In sites that use CSM authentication, access to Cherwell Asset Management and Cherwell Service Management is managed from within CSM (using CSM Administrator) and controlled via integration between the two products as follows:
    • Instead of configuring user policies in CAM Administrator, you create security groups in CSM and assign rights to access all or part of CAM to each security group. Then add CSM users to those security groups to give them access to the parts of the CAM product you want them to use.
    • Regardless of whether you were using the access profiles feature in Purchasing to manage purchasing users, once you change to the CSM authentication method, access profiles are automatically enabled and are defined by CSM teams. You set up CSM user teams, which become available anywhere access profiles appear in Purchasing.

Note that before you can use CSM authentication, there are some tasks you need to perform in Cherwell Service Management before and after changing the authentication method. Also, contact us if you need to verify compatibility between your versions of CAM and CSM.

Effects in Cherwell Asset Management

Some features in Cherwell Asset Management will appear unavailable depending on your site's authentication method.

If you use CSM authentication in either an on-premises or hosted installation, you use Cherwell Service Management to manage access to Cherwell Asset Management, rather than CAM's user policies feature. Thus, the Administrator and Reporting Applications items are unavailable from CAM Administrator's Tools > User Policies and Authentication menu. You'll still use the Administration panel in Purchasing to control visibility within Purchasing via access profiles, but CSM teams will function as your access profiles.

Sites that use CSM authentication in either an on-premises or hosted installation will not use the Administration panel in Reporting to control access to reporting functions. Instead, reports rights are managed by CSM security groups. Thus, the Administration panel in Reporting is not visible when using CSM authentication.