Identity Provider Setup
The Identity Provider Setup allows you to configure user authentication. You can configure authentication to require that users or groups authenticate to access websites for specific acceptable use policy (AUP) categories. With this configuration in place, you can also report usernames and groups in access control events.
- Akamai
- Third-Party SAML
- Okta
- PingOne
- Set up Okta as an identity provider
- Set up Active Directory Federation Services (AD FS) as a third-party SAML identity provider
- Set up Microsoft Azure as a third-party SAML identity provider
- Set up PingOne as an identity provider

4a. Identity Connectors
An identity connector is a complete virtual appliance that you download in ETP and deploy behind the firewall in your data centers or hybrid cloud environments. Identity connectors allow ETP to synchronize with your organization’s Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers.
To download an identity connector, see Create and download an identity connector.
4b. Directories
A directory is a service that your enterprise uses to manage users and user groups. To authorize user access to domains or URLs in a policy, you add directories to ETP and associate them with identity providers.
- Cloud Directory
- Active Directory (AD)
- Lightweight Directory Access Protocol (LDAP)
- Active Directory Lightweight Directory Services (AD LDS)
As part of a directory configuration, you must associate an identity connector.
For more information about directories, see Directories. To add a directory service, see Add a directory.
4c. Identity Providers
An identity provider (IdP) is a service that creates, manages, and saves user identity information. This identity information is used to authenticate users within a network. Identity information or attributes are stored in a directory. To learn more about identity providers, see Identity providers.
To add an identity provider, see Add an identity provider.
4d. Policies
Enable authentication, assign an identity provider, and select the users or groups that can access websites in a specific category. For instructions, see Require authentication to access a website.
4e. Deploy
You must deploy the identity provider and policy configuration to the ETP network. For instructions, see Deploy configuration changes.