In order to support authentication, data encryption, or data integrity, the .NET Data Provider for Teradata must establish a secure session context utilizing TeraGSS. This session context will be established using one of the supported authentication mechanisms. The .NET Data Provider for Teradata chooses the authentication mechanism in this sequence. If the value is not defined, the provider continues until an authentication mechanism has been selected.

1. AuthenticationMechanism specified by the application. The application may set this value to any of the supported authentication mechanisms. The supported mechanisms are "JWT", "LDAP", "SPNEGO", "TD2", and "TDNEGO".
2. Authentication mechanism in the client configuration that has been marked with default=true. At installation time, none of the authentication mechanisms have the default value set to true. An administrator must modify the configuration to enable a default client authentication mechanism.
3. The Advanced SQL Engine default authentication mechanism.

If the mechanism is selected by Option 1 or Option 2, the authentication mechanism must be enabled on the SQL Engine. Otherwise, the connection attempt will fail.

If IntegratedSecurity has been enabled, the provider chooses the mechanism as follows:

1. The client TeraGSS configuration is searched for all mechanisms that support Single Sign On.
2. The mechanisms are ordered by the MechanismRank property.
3. The highest ranked mechanism is selected.

If the selected mechanism is not enabled on the SQL Engine, the next ranked mechanism is selected. This process continues until a mechanism is selected, or no other mechanisms remain in the list of possible Single Sign On mechanisms.