1. Home
    2. Cloud Identity
    3. Cloud Identity Engine Getting Started
    4. Authenticate Users with the Cloud Identity Engine
    5. Set Up an Authentication Profile

    Set Up an Authentication Profile

    Configure an authentication profile to use to authenticate users with the Cloud Identity Engine. You can specify one or more authentication types by group or by directory or for all directories.
    To use more than one authentication type in your authentication profile, you must configure a directory in the Cloud Identity Engine. For a single client certificate authentication type, configuring a directory in the Cloud Identity Engine is optional. There is no directory requirement for a single SAML 2.0 authentication type.
    1. Select
      Authentication
      Authentication Profiles
       then
      Add Authentication Profile
      .
    2. If you have not already done so, Configure a SAML 2.0 Authentication Type or Configure a Client Certificate to use as an authentication type.
    3. Enter a unique
      Profile Name
      .
    4. Select the
      Authentication Mode
      .
      • If you select
        Single
         as the authentication mode, click
        Select authentication type
         and select the authentication type you want to use.
      • If you select
        Multiple
         as the Authentication Mode and you have configured a client certificate or if you select
        Single
         and the Authentication Type is Client Certificate, select the
        Directory Sync Username Attribute
         and
        Directory Sync Group Attribute
        .
        To successfully authenticate users using a client certificate, the value of the
        Directory Sync Username Attribute
         must match the value of the
        Username Attribute
         you select when you configure the Client Certificate Authentication Type.
    5. (Multiple Authentication Mode only) Define the
      Authentication mapping order
       by selecting the configured authentication types that you want to use to authenticate users.
    6. (Multiple Authentication Mode only) During authentication, the Cloud Identity Engine uses the given user identity information to obtain the directory group information for the user to determine if the user’s group has an assigned authentication type. If the user belongs to multiple groups, the Cloud Identity Engine uses the first authentication type you assign to the group for user authentication.
    7. Select the
      Default authentication type
       that you want the Cloud Identity Engine to use to authenticate users if the user is not in an assigned group.
      As a best practice, assign an authentication type for each group you want to authenticate using the Cloud Identity Engine.
    8. Choose directories and groups
       by selecting a directory or selecting
      All Directories
      .
      You can also search by
      Directory Sync Group Attribute
       (such as
      Common-Name
      ).
    9. Select the group or groups from each directory that you want to authenticate using the authentication type you select in the next step.
    10. Select an authentication type
       and
      Assign
       it to assign this authentication type to the group or groups you selected.
    11. Review your selections by authentication type or select
      All Authentication Types
       to see all assigned groups.
    12. Submit
       your changes to configure the authentication profile.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo