Identity Provider Setup
Identity Provider Setup lets you configure user authentication so that users or groups must authenticate before they can access websites and web applications. With this configuration in place, you can also report usernames and groups in access control events.
- Third-Party SAML
4a. Identity Connectors
An identity connector is a complete virtual appliance that you download in ETP and deploy behind the firewall in your data centers or hybrid cloud environments. Identity connectors allow ETP to synchronize with your organization’s Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) servers.
To download an identity connector, see Create and download an identity connector.
A directory is a service that your enterprise uses to manage users and user groups. To authorize user access to domains or URLs in a policy, you add directories to ETP and associate them with identity providers.
- Cloud Directory
- Active Directory (AD)
- Lightweight Directory Access Protocol (LDAP)
- Active Directory Lightweight Directory Services (AD LDS)
As part of a directory configuration, you must associate an identity connector with the directory.
4c. Identity Providers
An identity provider (IdP) is a service that creates, manages, and saves user identity information. This identity information is used to authenticate users within a network. Identity information or attributes are stored in a directory. To learn more about identity providers, see Identity providers.
To add an identity provider, see Add an identity provider.
Enable authentication, assign an identity provider, and select the users or groups that can access websites in a specific category. For instructions, see Require authentication to access a website or web application.
You must deploy the identity provider and policy configuration to the ETP network. For instructions, see Deploy configuration changes.