Set Up an Authentication Profile

Configure an authentication profile to use to authenticate users with the Cloud Identity Engine. You can specify one or more authentication types by group or by directory or for all directories.
To use more than one authentication type in your authentication profile, you must configure a directory in the Cloud Identity Engine. For a single client certificate authentication type, configuring a directory in the Cloud Identity Engine is optional. There is no directory requirement for a single SAML 2.0 authentication type.
  1. Select Authentication Profiles > Add Authentication Profile.
  2. If you have not already done so, Configure a SAML 2.0 Authentication Type or Configure a Client Certificate to use as an authentication type.
  3. Enter a unique Profile Name.
  4. Select the Authentication Mode.
    • If you select as the authentication mode, click Select authentication type and select the authentication type you want to use.
    • If you select as the Authentication Mode and you have configured a client certificate or if you select and the Authentication Type is Client Certificate, select the Directory Sync Username Attribute and Directory Sync Group Attribute.
      To successfully authenticate users using a client certificate, the value of the Directory Sync Username Attribute must match the value of the Username Attribute you select when you configure the Client Certificate Authentication Type.
  5. (Multiple Authentication Mode only) Define the Authentication mapping order by selecting the configured authentication types that you want to use to authenticate users.
  6. (Multiple Authentication Mode only) During authentication, the Cloud Identity Engine uses the given user identity information to obtain the directory group information for the user to determine if the user’s group has an assigned authentication type. If the user belongs to multiple groups, the Cloud Identity Engine uses the first authentication type you assign to the group for user authentication.
  7. Select the Default authentication type that you want the Cloud Identity Engine to use to authenticate users if the user is not in an assigned group.
    As a best practice, assign an authentication type for each group you want to authenticate using the Cloud Identity Engine.
  8. Choose directories and groups by selecting a directory or selecting All Directories. You can also search by Directory Sync Group Attribute (such as
  9. Select the group or groups from each directory that you want to authenticate using the authentication type you select in the next step.
  10. Select an authentication type it to assign this authentication type to the group or groups you selected.
  11. Review your selections by authentication type or select All Authentication Types to see all assigned groups.
  12. Submit your changes to configure the authentication profile.
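
The group-based selection described in steps 5 to 7, modelled offline as an added example (this is not Palo Alto Networks code and does not call any Cloud Identity Engine API). It assumes the engine walks the authentication mapping order and uses the first authentication type that has an assigned group the user belongs to; the profile, group and user names are constructed. The audit function lists users who would only ever reach the default authentication type, which is the gap the best practice in step 7 is meant to close.

```python
"""Offline model of authentication-type selection in Multiple mode (assumed semantics)."""

# Constructed sample profile; all names are hypothetical placeholders.
PROFILE = {
    "mapping_order": ["cert-corp", "saml-idp"],   # step 5: order of evaluation
    "assignments": {                              # steps 8-10: auth type -> assigned groups
        "cert-corp": {"admins"},
        "saml-idp": {"engineering", "admins"},
    },
    "default": "saml-idp",                        # step 7: used when no group matches
}

# Constructed directory data: user -> group memberships.
USERS = {
    "alice": ["engineering"],
    "bob": ["engineering", "admins"],
    "carol": ["contractors"],
    "dave": [],
}


def resolve(profile, groups):
    """Return (auth_type, matched_group); matched_group is None on default fallback."""
    member = set(groups)
    for auth_type in profile["mapping_order"]:
        hits = sorted(member & profile["assignments"].get(auth_type, set()))
        if hits:
            return auth_type, hits[0]
    return profile["default"], None


def audit(profile, users):
    """Map each user that only reaches the default type to their unassigned groups."""
    fallthrough = {}
    for user, groups in users.items():
        _, matched = resolve(profile, groups)
        if matched is None:
            fallthrough[user] = sorted(groups)
    return fallthrough


if __name__ == "__main__":
    for name, memberships in USERS.items():
        print(name, resolve(PROFILE, memberships))
    print("default-only users:", audit(PROFILE, USERS))
```
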
