Set Up an Authentication Profile
Configure an authentication profile to use
to authenticate users with the Cloud Identity Engine. You can specify
one or more authentication types by group or by directory or for
all directories.
To use more than one authentication type in your authentication profile, you must configure a directory in
the Cloud Identity Engine. For a single client certificate authentication type,
configuring a directory in the Cloud Identity Engine is optional. There is no
directory requirement for a single SAML 2.0-compliant authentication type.
- Select Authentication, then Authentication Profiles, then Add Authentication Profile.
- If you have not already done so, Configure a SAML 2.0 Authentication Type or Configure a Client Certificate to use as an authentication type.
- Enter a unique Profile Name.
- Select the Authentication Mode.
- If you select Single as the authentication mode, click Select authentication type and select the authentication type you want to use.
- If either of the following apply to your configuration, select the Directory Sync Username Attribute and Directory Sync Group Attribute.
- You selected Multiple as the Authentication Mode and you have configured a client certificate.
- You selected Single and the Authentication Type is Client Certificate.
To successfully authenticate users using a client certificate, the value of the Directory Sync Username Attribute must match the value of the Username Attribute you select when you configure the Client Certificate Authentication Type.
- (Multiple Authentication Mode only) Define the Authentication mapping order by selecting the configured authentication types that you want to use to authenticate users.
- (Multiple Authentication Mode only) During authentication, the Cloud Identity Engine uses the given user identity information to obtain the directory group information for the user to determine if the user’s group has an assigned authentication type. If the user belongs to multiple groups, the Cloud Identity Engine uses the first authentication type you assign to the group for user authentication.
- Select the Default authentication type that you want the Cloud Identity Engine to use to authenticate users if the user is not in an assigned group. As a best practice, assign an authentication type for each group you want to authenticate using the Cloud Identity Engine.
- Choose directories and groups by selecting a directory or selecting All Directories. You can also search by Directory Sync Group Attribute (such as Common-Name).
- Select the group or groups from each directory that you want to authenticate using the authentication type you select in the next step.
- Select an authentication type and Assign it to assign this authentication type to the group or groups you selected.
- Review your selections by authentication type or select All Authentication Types to see all assigned groups.
- Submit your changes to configure the authentication profile.
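
Before submitting a profile in Multiple Authentication Mode, it helps to check which users would fall through to the default authentication type and which belong to groups assigned to different authentication types. The following is an added example, not Palo Alto Networks code or a Cloud Identity Engine API: it models the group lookup described in the steps above, assuming the first authentication type in the mapping order that has one of the user's groups assigned is the one used. The function names, authentication type names, groups and users are all constructed for illustration.

```python
# Added illustration: a model of the group-to-authentication-type lookup
# described in the Multiple Authentication Mode steps. All names and data
# are constructed; this is not Cloud Identity Engine code or its API.
from collections import OrderedDict


def resolve_auth_type(user_groups, mapping_order, default_type):
    """Return (auth_type, matched_group) for one user.

    mapping_order: ordered dict of auth type -> set of assigned groups,
    listed in the authentication mapping order. Assumption: the first
    auth type in that order with a group the user belongs to is used.
    """
    for auth_type, groups in mapping_order.items():
        matched = sorted(groups & set(user_groups))
        if matched:
            return auth_type, matched[0]
    return default_type, None  # user is not in any assigned group


def audit(users, mapping_order, default_type):
    """Flag users who fall to the default or match several auth types."""
    report = {}
    for user, groups in users.items():
        chosen, group = resolve_auth_type(groups, mapping_order, default_type)
        candidates = [t for t, g in mapping_order.items() if g & set(groups)]
        report[user] = {
            "auth_type": chosen,
            "via_group": group,
            "fell_to_default": group is None,
            "ambiguous": len(candidates) > 1,
        }
    return report


# Constructed sample data: planned assignments and directory memberships.
MAPPING_ORDER = OrderedDict([
    ("client-cert", {"Admins", "Engineering"}),
    ("saml-idp", {"Sales"}),
])
USERS = {
    "alice": ["Admins"],
    "bob": ["Engineering", "Sales"],   # groups map to different auth types
    "carol": ["Contractors"],          # no assigned group
}

if __name__ == "__main__":
    for user, row in audit(USERS, MAPPING_ORDER, "saml-idp").items():
        print(user, row)
```

Users reported with `fell_to_default` are the ones the best-practice note about assigning an authentication type to each group is aimed at; users reported as `ambiguous` depend on the mapping order for which authentication type they get.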