To configure automated security policy management using access authentication, complete the following steps:
- Set up the IdP you plan to use and create applications and user group attributes in the IdP. Refer to the respective vendor documentation for details.
- Review the prerequisites for using different protocols and IdPs. For more information, see Prerequisites for Configuring Access Authentication.
- Create an access authentication profile that defines the protocol and IdP you want to use. For more information, see Configuring Authentication Profiles.
Enable the access authentication and DNS forwarding proxy services on the on-prem host to which you want to apply security policies. For more information, see Enabling and Disabling Services on On-Prem Hosts.
Important Note
Enabling the access authentication service might affect the existing DNS service. Contact Infoblox Technical Support for assistance in enabling the access authentication service. Once the service is enabled, all users will be redirected to the Access Authentication page for authentication before any DNS resolution can happen.
- Configure the access authentication service on the on-prem host by adding an authentication profile you want to use. For more information, see Configuring Authentication Profiles for On-Prem Hosts.
- Obtain the admin token and domain from the third-party IdP you have selected in the authentication profile. Depending on the IdP, refer to the respective vendor documentation on how to obtain the admin token and domain.
- Synchronize user groups from the third-party IdP using the admin token and domain you retrieved from the IdP. For more information, see Synchronizing User Groups.
- Create or modify security policies to include specific user groups to which you want to apply the security policies. For more information, see Creating Security Policies.