Cloud Identity Engine Getting Started
    : Set Up an Authentication Profile
    Focus
    Download PDF
    Focus
    1. Home
    2. Cloud Identity
    3. Cloud Identity Engine Getting Started
    4. Authenticate Users with the Cloud Identity Engine
    5. Set Up an Authentication Profile
    Download PDF

    Cloud Identity Engine Getting Started

    Set Up an Authentication Profile

    Table of Contents

    Set Up an Authentication Profile

    Configure an authentication profile to use to authenticate users with the Cloud Identity Engine. You can specify one or more authentication types by group or by directory or for all directories.
    To use more than one authentication type in your authentication profile, you must configure a directory in the Cloud Identity Engine. For a single client certificate authentication type, configuring a directory in the Cloud Identity Engine is optional. There is no directory requirement for a single SAML 2.0-compliant authentication type.
    1. Select AuthenticationAuthentication Profiles then Add Authentication Profile.
    2. If you have not already done so, Configure a SAML 2.0 Authentication Type or Configure a Client Certificate to use as an authentication type.
    3. Enter a unique Profile Name.
    4. Select the Authentication Mode.
      • If you select Single as the authentication mode, click Select authentication type and select the authentication type you want to use.
      • If either of the following apply to your configuration, select the Directory Sync Username Attribute and Directory Sync Group Attribute.
        • You selected Multiple as the Authentication Mode and you have configured a client certificate.
        • You selected Single and the Authentication Type is Client Certificate.
        To successfully authenticate users using a client certificate, the value of the Directory Sync Username Attribute must match the value of the Username Attribute you select when you configure the Client Certificate Authentication Type.
    5. (Multiple Authentication Mode only) Define the Authentication mapping order by selecting the configured authentication types that you want to use to authenticate users.
    6. (Multiple Authentication Mode only) During authentication, the Cloud Identity Engine uses the given user identity information to obtain the directory group information for the user to determine if the user’s group has an assigned authentication type. If the user belongs to multiple groups, the Cloud Identity Engine uses the first authentication type you assign to the group for user authentication.
    7. Select the Default authentication type that you want the Cloud Identity Engine to use to authenticate users if the user is not in an assigned group.
      As a best practice, assign an authentication type for each group you want to authenticate using the Cloud Identity Engine.
    8. Choose directories and groups by selecting a directory or selecting All Directories.
      You can also search by Directory Sync Group Attribute (such as Common-Name).
    9. Select the group or groups from each directory that you want to authenticate using the authentication type you select in the next step.
    10. Select an authentication type and Assign it to assign this authentication type to the group or groups you selected.
    11. Review your selections by authentication type or select All Authentication Types to see all assigned groups.
    12. Submit your changes to configure the authentication profile.

    © 2024 Palo Alto Networks, Inc. All rights reserved.