
Authenticate the Agent and the Cloud Identity Engine

Generate certificates to authenticate communication between the Cloud Identity agent and the Cloud Identity Engine.
The Cloud Identity Engine and the Cloud Identity agent use a certificate for mutual authentication (i.e., the agent authenticates the service and the service authenticates the agent) over Transport Layer Security (TLS). If the certificate is valid, the agent connects to the Cloud Identity Engine. If the certificate is not valid, the Cloud Identity Engine rejects the connection.
To authenticate the Cloud Identity Engine and the Cloud Identity agent, generate a Cloud Identity Engine certificate using the Cloud Identity Engine app and import it into the Local Computer certificate store on the Windows server that hosts the agent. Each certificate expires three months from the issuance date. Cloud Identity agent version 1.5.0 and later automatically renew the certificate before it expires; older agent versions require you to generate and install a new certificate before the current one expires.
Each agent must use a unique certificate to authenticate with the service. A certificate is valid only for the tenant in which you generated it and can be associated with only one agent. Generate certificates on an as-needed basis; do not reuse a certificate for other services or share it between agents. You can have up to 5 unused certificates and up to 100 total certificates per tenant.
  1. Enter a unique Certificate Name.
    The name must be between 5 and 128 alphanumeric characters.
  2. Enter a secure password in the Create Password and Re-enter Password fields.
    The password must be between 12 and 25 characters. You will need to enter this password when you install the certificate on the agent host, so record it securely; the download cannot be imported without it.
  3. Click Download Certificate.
  4. Store the certificate in the Local Computer Personal certificate store on the agent host.
    For more information on how to store certificates, see the following link.
    After the agent authenticates with the Cloud Identity Engine, it provides the directory attributes to the service. The service then shares the attributes with the apps that you associate with the Cloud Identity Engine for visibility and policy enforcement. For more information, refer to Manage Cloud Identity Engine Certificates.
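The following PowerShell script is an added example for step 4, not part of the original documentation or of the Cloud Identity agent itself. It assumes the downloaded certificate is a password-protected PKCS#12 (.pfx) file (the password prompt at install time implies this) and uses a hypothetical file path; run it in an elevated session on the agent host, because writing to the Local Computer store requires administrator rights. It imports the certificate into Cert:\LocalMachine\My (the Local Computer > Personal store shown in certlm.msc), verifies that the private key came with it, reports the expiry date, and removes the .pfx from disk so the private key does not linger outside the store.

```powershell
# Added example (not Palo Alto Networks code): install the Cloud Identity Engine
# certificate in the Local Computer > Personal store and sanity-check the result.
# Assumptions: the download is a password-protected PKCS#12 (.pfx) file and the
# path below is hypothetical; adjust it to where you saved the download.
$PfxPath = 'C:\Temp\cie-agent-cert.pfx'   # hypothetical path to the downloaded file
$StorePath = 'Cert:\LocalMachine\My'       # Local Computer > Personal in certlm.msc

# The password you set in the Cloud Identity Engine app; read as a SecureString so
# it is never written to the console or the PowerShell history as plain text.
$Password = Read-Host -Prompt 'Certificate password' -AsSecureString

# Import without -Exportable: the private key is marked non-exportable, so it can
# be used by the agent for mutual TLS but cannot be copied out of the store later.
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $StorePath -Password $Password

# Mutual TLS is impossible without the private key; fail loudly if it is missing.
if (-not $cert.HasPrivateKey) {
    throw 'Certificate was imported without its private key; re-download and retry.'
}

# Show what was installed. Certificates are issued with a three-month lifetime.
$cert | Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey | Format-List

# Agents older than 1.5.0 do not renew automatically, so warn when expiry is near.
$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 14) {
    Write-Warning "Certificate expires in $daysLeft days; generate and install a new one."
}

# The .pfx contains the private key. Once it is in the store there is no reason to
# keep the file on disk, where it could be copied along with its password.
Remove-Item -Path $PfxPath -Force
```

To confirm later which Cloud Identity Engine certificate is installed, or to spot an expired one that a pre-1.5.0 agent is still pointed at, run `Get-ChildItem Cert:\LocalMachine\My | Select-Object Subject, Thumbprint, NotAfter` and compare the thumbprint with the certificate listed in the Cloud Identity Engine app.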

Next Steps

  • Use the Cloud Identity Engine app to create, view, delete, rename, or synchronize tenants and to view or customize the attributes that the Cloud Identity Engine collects.
  • Learn how to manage the Cloud Identity agent by logging agent events, managing the certificates that the agent uses, starting or stopping the agent’s connection to the Cloud Identity Engine, and updating or removing the agent.