The
Cloud Identity Engine provides both user
identification and user authentication for mobile user deployments. Using the Cloud
Identity Engine for user authentication and username-to-user group mapping allows you to
write security policy based on users and groups, not IP addresses, and helps secure your
assets by enforcing behavior-based security actions. By continually syncing the
information from your directories, the Cloud Identity Engine ensures that your user
information is accurate and up to date and policy enforcement continues based on the
mappings even if the SAML identity provider (IdP) is temporarily unavailable.