5.2 Understanding Linked Logins in CloudAccess

CloudAccess enables users to access resources and applications using social media identities in addition to corporate identities. Social federation in CloudAccess is not created by provisioning; rather, it is user-initiated by linking social accounts to corporate accounts. Linked logins work with any identity source that results in users being provisioned into the local identity vault. You must configure the Linked Logins tool in CloudAccess if you want to enable social federation for your users. For more information, see Configuring the Connector for Linked Logins.

From the end user interface, users have a menu option to link a social identity to their corporate identity. Once they have successfully provided both a social login and user name/password, they are federated and can use either identity to authenticate. This federation does not result in any social attributes other than the social identity’s GUID being stored in the CloudAccess identity vault. CloudAccess does not create corporate identities from social identities.

For additional security, you can use a second-factor authentication tool such as Advanced Authentication or FIDO in conjunction with social federation. When users authenticate using social authentication to an account that is federated, CloudAccess requires them to provide a second factor during authentication. For more information about second-factor authentication tools, see Section 9.0, Configuring Authentication Methods.
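The linking rules described above can be modeled in a few lines. This is an added illustration, not CloudAccess code or its API: the Vault class, its method names, the assertion fields, and the rule that one social identity maps to only one corporate account are assumptions made for the example.

```python
import hashlib, hmac, os

# Constructed sample of a verified social login result (not real data).
SAMPLE_ASSERTION = {"provider": "example-social", "guid": "constructed-guid-0001",
                    "email": "alice@social.example", "verified": True}

class Vault:
    """Toy model of a local identity vault; all names here are hypothetical."""
    def __init__(self, require_second_factor=True):
        self.users = {}   # corporate user name -> (salt, password hash)
        self.links = {}   # (provider, social GUID) -> corporate user name
        self.require_second_factor = require_second_factor  # second-factor tool configured

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def provision(self, name, password):
        # Corporate identities come only from provisioning, never from social logins.
        salt = os.urandom(16)
        self.users[name] = (salt, self._hash(password, salt))

    def check_password(self, name, password):
        if name not in self.users:
            return False
        salt, digest = self.users[name]
        return hmac.compare_digest(digest, self._hash(password, salt))

    def link(self, assertion, name, password):
        # User-initiated: needs a successful social login AND the corporate password.
        if not assertion.get("verified") or not self.check_password(name, password):
            return False
        key = (assertion["provider"], assertion["guid"])
        if self.links.get(key, name) != name:
            return False  # assumption: a social identity links to one account only
        self.links[key] = name  # only the GUID is kept; email etc. are not stored
        return True

    def login_social(self, assertion, second_factor_ok=False):
        if not assertion.get("verified"):
            return None
        name = self.links.get((assertion["provider"], assertion["guid"]))
        if name is None:
            return None  # unlinked social identity: no corporate account is created
        if self.require_second_factor and not second_factor_ok:
            return None  # federated account reached socially: second factor required
        return name
```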

IMPORTANT: Linked logins offer convenience to users, but they are a potential source of security breaches for organizations. Whenever users access secure corporate resources using a social media account and do not log out, they expose the organization to security risks that CloudAccess cannot control.