5.0 Configuring Identity Sources

CloudAccess supports the use of one or more identity sources to authenticate users and to provision accounts to the SaaS applications. The initialization process configures the first identity source and adds the identity source to the Admin page.

The appliance supports more than one identity source, and some identity sources are not available during the initialization process. For example, the Self-Service User Store (SSUS) and SAML 2.0 Inbound (SAML2 In) are identity sources that you can add only after you initialize the appliance. You can add as many additional identity sources as you want. However, all of the user IDs across the different identity sources must be unique.

For CloudAccess to provision user accounts to the SaaS applications, each user account in the identity source must contain the attributes listed. If you are using an LDAP identity source, there are specific attributes that must be populated on the user accounts. If you are using a JDBC database, there are certain columns of information that must be populated. The information for each identity source is different.

NOTE: For security reasons, by default CloudAccess does not allow you to add a user with a user name that is the same as a previously added user. If you attempt to do so, CloudAccess displays the user as not activated. For more information, see Section 13.7, Troubleshooting Provisioning Issues.

Review the information in the following sections before you deploy the appliance and when you configure additional identity sources. Ensure that your identity source meets all requirements and the user account information in the identity source contains the proper information to synchronize the accounts.