Identity Provider Setup

The Identity Provider Setup allows you to configure user authentication so that users or groups must authenticate before they can access websites and web applications. With this configuration in place, you can also report usernames and groups in access control events.

ETP supports the following identity providers:
  • Akamai
  • Third-Party SAML
  • Okta
  • PingOne

4a. Identity Connectors

An identity connector is a complete virtual appliance that you download in ETP and deploy behind the firewall in your data centers or hybrid cloud environments. Identity connectors allow ETP to synchronize with your organization’s Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers.

To download an identity connector, see Create and download an identity connector.

4b. Directories

A directory is a service that your enterprise uses to manage users and user groups. To authorize user access to domains or URLs in a policy, you add directories to ETP and associate them with identity providers.

ETP supports these directory services:
  • Cloud Directory
  • Active Directory (AD)
  • Lightweight Directory Access Protocol (LDAP)
  • Active Directory Lightweight Directory Services (AD LDS)

Note: Cloud Directory is an internal ETP directory that’s intended for testing purposes only. While ETP doesn’t store or cache passwords, this directory is not intended to store user and group information in production.

As part of a directory configuration, you must associate an identity connector with the directory.

For more information about directories, see Directories. To add a directory service, see Add a directory.

4c. Identity Providers

An identity provider (IdP) is a service that creates, manages, and saves user identity information. This identity information is used to authenticate users within a network. Identity information or attributes are stored in a directory. To learn more about identity providers, see Identity providers.

To add an identity provider, see Add an identity provider.

4d. Policies

Enable authentication, assign an identity provider, and select the users or groups that can access websites in a specific category. For instructions, see Require authentication to access a website or web application.

4e. Deploy

You must deploy the identity provider and policy configuration to the ETP network. For instructions, see Deploy configuration changes.