All Products
Search

This Product

    Secure Access Service Edge:Configure an IdP combination

    Document Center

    Secure Access Service Edge:Configure an IdP combination

    Last Updated:Nov 22, 2024

    If your enterprise uses multiple identity providers (IdPs) to manage the organizational structure of the enterprise, such as using a DingTalk IdP and an Lightweight Directory Access Protocol (LDAP) IdP, you can configure the IdPs together to form an IdP combination and enable the IdP combination in Secure Access Service Edge (SASE). This way, users of the IdPs can log on to the SASE client. This topic describes how to configure an IdP combination.

    Prerequisites

    Before you configure an IdP combination, at least two single IdPs are configured.

    Procedure

    1. Log on to the SASE console. In the left-side navigation pane, choose Identity Authentication and Management > Identity Access.

    2. On the IdP Management page, click the IdP Management tab. On the tab, click Add IdP.

    3. In the Add IdP panel, set the Authentication Type parameter to IdP Combination and configure the parameters. The following table describes the parameters.

      Parameter

      Description

      Enterprise IdP

      The IdP list displays information about the created LDAP, WeCom, Lark, DingTalk, and custom IdPs. You can select the IdPs based on your business requirements.

      You can add up to five single IdPs to an IdP combination.

      Configuration Name

      The name of the IdP combination.

      The name must be 2 to 100 characters in length and can contain letters, digits, hyphens (-), and underscores (_).

      Description

      The description of the IdP combination.

      IdP Configuration Status

      Specifies whether to enable the IdP combination. Valid values:

      • Enabled: If no IdP is enabled, you can enable the created IdP combination. If an IdP or IdP combination is enabled, you must disable the IdP or IdP combination before you can enable another IdP or IdP combination.

      • Disabled: You can disable the created IdP combination and enable it later. This is the default value.

        Important

        If you turn off IdP Configuration Status, users cannot access office applications by using the SASE client. Proceed with caution.

    4. Click OK.

      After the configuration is complete, the IdP combination is displayed in the IdP list.

    Disable an IdP combination

    On the IdP Management tab, find the IdP combination that you want to manage and turn off the switch in the Status column.

    View the information about an IdP combination

    On the IdP Management tab, find the IdP combination that you want to manage and click Details in the Actions column.

    Delete an IdP combination

    On the IdP Management tab, find the IdP combination that you want to manage and click Delete in the Actions column.

    Modify the information about an IdP combination

    On the IdP Management tab, find the IdP combination that you want to manage and click Edit in the Actions column.

    References

    Configure a SASE IdP

    If your enterprise does not use a third-party IdP, you can establish an organizational structure by using a custom IdP provided by SASE. For more information, see Configure a SASE IdP.

    Connect a third-party IdP

    If your enterprise uses one of the following IdPs to manage the organizational structure of the enterprise, you can connect the IdP to SASE: LDAP, DingTalk, WeCom, Lark, and Identity as a Service (IDaaS).

    Configure a user group

    For more information, see Configure a user group.