
Configuring Infoblox Local Credentials

When an Infoblox account is provisioned for your organization, users that exist in that account are authenticated through the Infoblox credentials store.  A user's credentials in the Infoblox credentials store are considered local credentials for that user. However, when you configure and activate an IdP federation for your company's domain, user authentication within that domain is performed using your organization's IdP. Users are no longer authenticated using the Infoblox local credentials.

Whether local credentials exist for any particular user within the federated domain depends on when that user was first created. If the user was created BEFORE the IdP federation was activated, then that user still has local credentials even though the user is not authenticated through the Infoblox credentials store. On the other hand, if the user was created AFTER the IdP federation was activated, then the only credentials that exist for that user are within the organization's IdP.

There are currently three Infoblox sites that are relevant to user creation: the Infoblox Portal, Single-Sign-On Portal, and Support Community Portal. If a user is first created through any of these portals before you activate any IdP federation, the user's local credentials exist in the Infoblox credentials store.

The following table illustrates the possible states a user can be in relative to their local and IdP credentials:

| Credential State | User Creation |
| --- | --- |
| Local credentials | Through any of the three Infoblox sites (Infoblox Portal, Single-Sign-On Portal, or Support Community Portal) BEFORE an IdP federation was activated. |
| Local and IdP credentials | Through the IdP federation after the IdP federation was activated, or through any of the three Infoblox sites (Infoblox Portal, Single-Sign-On Portal, or Support Community Portal) AFTER an IdP federation was activated. |
| IdP credentials | Through the IdP federation after the IdP federation was activated. |

Enabling and Disabling Local Credentials

You must be an administrator for the Single-Sign-On Portal to enable or disable local credentials for any user within a domain that the account masters. Note that configurations in the Single-Sign-On Portal affect users within a mastered domain at all three Infoblox sites: the Infoblox Portal, Single-Sign-On Portal, and Support Community Portal.

Note

If your organization has an active IdP federation and you have users that were configured in NIOS, you must enable local credentials for these users through the Single-Sign-On Portal, so they can set up NIOS features that require username/password credentials.

To enable or disable local credentials, complete the following:

  1. Log in to the Infoblox SSO Portal at https://sso.infoblox.com/.
  2. Click User Access -> Domain Users tab.
  3. Select a domain user in the table, and then click Enable Local Credentials or Disable Local Credentials from the menu.

    When you enable local credentials, the user will receive an activation email that allows a local password to be configured. When you disable local credentials for a user, the user's local credentials are removed from the Infoblox credentials store.  

Note

As long as the IdP federation is active, the user will not be authenticated with Infoblox interactively using local credentials.  They will be authenticated within the federated domain using their IdP when logging in to one of the Infoblox sites: the Infoblox Portal, Single-Sign-On Portal, or Support Community Portal.

Using Local Credentials for NIOS

Several NIOS features require username/password credentials during setup. When there is an active IdP federation configured for the domain that matches the email address of the Infoblox Portal user being configured in NIOS, IdP authentication cannot be used for the user because the username/password is offered programmatically to Infoblox Platform services. Therefore, if your organization has an active IdP federation, you must enable local credentials for users that are being configured in NIOS.  

In addition, local credentials cannot be used for interactive sign-ins through the Infoblox Portal, Single-Sign-On Portal, or Support Community Portal.

Important

The credentials used to log in to the NIOS Grid are not the same credentials that are stored in the Infoblox credentials store for Infoblox Platform services. 

Recovering Password for NIOS Users

NIOS users who are within a federated domain are prevented from recovering passwords through the regular password recovery mechanism provided on the main sign-in page of the Infoblox Portal, Single-Sign-On Portal, and Support Community Portal.

To perform password recovery of local credentials for a federated Infoblox Portal user being configured in NIOS, go to: https://auth.infoblox.com/signin/forgot-password, enter the user email address or username, and then click Reset via Email, as shown below.