To manage access authentication for on-prem users and user group synchronization, you must first create profiles that define the authentication protocols and choose the third-party IdPs you want to use. For more information about access authentication and how to utilize it to set up automated security policy management, see Managing Access Authentication.

You can configure an authentication profile by choosing one of the supported protocols and IdPs, and then associate the profile with a server so users in your organization can be authenticated for specific Infoblox services and resources. When you enable the Access Authentication service on a server, you integrate a third-party IdP federation to retrieve user group data, so you can build security policies based on user groups.

When configuring an authentication profile, you choose a supported protocol and third-party IdP to suit your business requirements. You can create multiple authentication profiles and enable one of them immediately and save the others for future use. Note that you can enable only one profile at a time. However, you can associate multiple profiles with a server as long as the profiles have different protocol types. For example, you can create four SAML authentication profiles for future use, but you can associate and enable only one of them with a server at any given time. The same server can, however, be associated with another profile as long as the profile uses a different protocol type, such as LDAP or OpenID Connect.

...

  1. Ensure that you have successfully set up the IdPs of your choice. For information, see Prerequisites for Configuring Access Authentication.
  2. From the Infoblox Portal, click Administration > Access Authentication, and then click the Authentication Profiles tab.
  3. On the Authentication Profiles tab, click Add Configuration and choose one of the following authentication protocols:
    • LDAP: LDAP allows the use of Microsoft Windows Active Directory (MS AD) to verify the identity of users and user groups. One or more Active Directory servers can be used to implement security policies within an organization. When you choose this option, ensure that you enable the MS AD Sync service, so you can synchronize user groups accordingly. For information on how to enable services, see Enabling and Disabling Services on Servers.
    • SAML: SAML authentication uses the SAML 2.0 protocol to authenticate users. This is an open standard that allows IdPs to pass authorization credentials to service providers.
    • OpenID Connect: OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol that allows clients to verify user identity based on the authentication performed by an authorization server. This protocol allows you to perform SSO (single sign-on) and introduces the ID token, which allows the client to verify the identity of the user and obtain basic profile information about the user.

...