Authenticate the Agent and the Cloud Identity Engine
Generate certificates to authenticate communication between
the Cloud Identity agent and the Cloud Identity Engine.
The Cloud Identity Engine and the Cloud Identity
agent use a certificate for mutual authentication (i.e., the agent
authenticates the service and the service authenticates the agent)
over Transport Layer Security (TLS). If the certificate is valid,
the agent connects to the Cloud Identity Engine. If the certificate
is not valid, the Cloud Identity Engine rejects the connection.
To authenticate the Cloud Identity Engine and the Cloud Identity agent,
generate a Cloud Identity Engine certificate using the Cloud Identity
Engine app and import it to the Local Computer certificate store
on the Windows server that hosts the agent. Each certificate expires
three months from the issuance date. Cloud Identity agent version
1.5.0 and later versions automatically renew the certificate before
Each agent must use a unique certificate to authenticate
with the service. Use the certificate only for the agent in the
selected instance. Generate certificates on an as-needed basis and
do not use a certificate for other services or share it between
identify the certificate.
The name must be between 5 and 128 alphanumeric characters.
Enter the password for the certificate in the
The password must be between 12 and 25 characters. You will
need to enter this password when you install the certificate on
the agent host.
generate and download the Cloud Identity Engine certificate.
The certificate may take some time to generate, so
make sure you click
You can generate up to 5 unused certificates and
up to 100 total certificates per instance. You can only use the
certificate for the specified instance and you can only associate
the certificate with one agent.
Store the certificate in the Local Computer Personal
certificate store on the agent host.
For more information on how to store certificates, see
the following link.
You can view the lifetime of the certificate on the
page in the Cloud Identity Engine
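As an added example, not taken from the original documentation or the product itself: a PowerShell script, run on the Windows agent host, that imports the downloaded certificate into the Local Computer Personal store and reports how long it remains valid. It assumes the downloaded file is a password-protected PFX at the placeholder path `$PfxPath`.

```powershell
# Added example (not Palo Alto Networks code): import the Cloud Identity Engine
# certificate into Local Computer > Personal on the agent host and check its lifetime.
# Assumption: the file downloaded from the Cloud Identity Engine app is a
# password-protected PFX; $PfxPath below is a placeholder.
param(
    [string]$PfxPath  = 'C:\path\to\cloud-identity-engine-cert.pfx',  # placeholder
    [int]$WarnDays    = 14
)

# Prompt for the certificate password rather than storing it in the script.
$password = Read-Host -Prompt 'Certificate password' -AsSecureString

# Import into Cert:\LocalMachine\My, which is the Local Computer Personal store.
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Password $password

# Confirm the certificate is actually present in the expected store.
$stored = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $stored) {
    throw "Certificate $($cert.Thumbprint) was not found in Cert:\LocalMachine\My"
}

# Each certificate is valid for three months from issuance; flag it when renewal is due.
$daysLeft = [math]::Floor(($stored.NotAfter - (Get-Date)).TotalDays)
Write-Output ("Subject:    {0}" -f $stored.Subject)
Write-Output ("Thumbprint: {0}" -f $stored.Thumbprint)
Write-Output ("Expires:    {0:u} ({1} days left)" -f $stored.NotAfter, $daysLeft)
if ($daysLeft -le $WarnDays) {
    Write-Warning "Certificate expires in $daysLeft days; agents older than 1.5.0 do not renew it automatically."
}
```

Run the script in an elevated PowerShell session, since writing to the Local Computer store requires administrator rights.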
After the agent authenticates with the Cloud Identity
Engine, it provides the directory attributes to the service. The
service then shares the attributes with the apps that you associate with the
Cloud Identity Engine for visibility and policy enforcement. For
more information, refer to Manage Cloud Identity Engine Certificates.
Cloud Identity Engine instance with an application.
Use the Cloud Identity
Engine app to create, view, delete, rename, or synchronize
instances and to view or customize the attributes that the Cloud
Identity Engine collects.
Learn how to manage the Cloud
Identity agent by logging agent events, managing the certificates
that the agent uses, starting or stopping the agent’s connection
to the Cloud Identity Engine, and updating or removing the agent.