If your enterprise uses multiple identity providers (IdPs) to manage the organizational structure of the enterprise, such as using a DingTalk IdP and an Lightweight Directory Access Protocol (LDAP) IdP, you can configure the IdPs together to form an IdP combination and enable the IdP combination in Secure Access Service Edge (SASE). This way, users of the IdPs can log on to the SASE client. This topic describes how to configure an IdP combination.
Prerequisites
Before you configure an IdP combination, at least two single IdPs are configured.
Procedure
Log on to the SASE console. In the left-side navigation pane, choose .
On the IdP Management page, click the IdP Management tab. On the tab, click Add IdP.
In the Add IdP panel, set the Authentication Type parameter to IdP Combination and configure the parameters. The following table describes the parameters.
Parameter
Description
Enterprise IdP
The IdP list displays information about the created LDAP, WeCom, Lark, DingTalk, and custom IdPs. You can select the IdPs based on your business requirements.
You can add up to five single IdPs to an IdP combination.
Configuration Name
The name of the IdP combination.
The name must be 2 to 100 characters in length and can contain letters, digits, hyphens (-), and underscores (_).
Description
The description of the IdP combination.
IdP Configuration Status
Specifies whether to enable the IdP combination. Valid values:
Enabled: If no IdP is enabled, you can enable the created IdP combination. If an IdP or IdP combination is enabled, you must disable the IdP or IdP combination before you can enable another IdP or IdP combination.
Disabled: You can disable the created IdP combination and enable it later. This is the default value.
ImportantIf you turn off IdP Configuration Status, users cannot access office applications by using the SASE client. Proceed with caution.
Click OK.
After the configuration is complete, the IdP combination is displayed in the IdP list.
Disable an IdP combination
On the IdP Management tab, find the IdP combination that you want to manage and turn off the switch in the Status column.
View the information about an IdP combination
On the IdP Management tab, find the IdP combination that you want to manage and click Details in the Actions column.
Delete an IdP combination
On the IdP Management tab, find the IdP combination that you want to manage and click Delete in the Actions column.
Modify the information about an IdP combination
On the IdP Management tab, find the IdP combination that you want to manage and click Edit in the Actions column.
References
Configure a SASE IdP
If your enterprise does not use a third-party IdP, you can establish an organizational structure by using a custom IdP provided by SASE. For more information, see Configure a SASE IdP.
Connect a third-party IdP
If your enterprise uses one of the following IdPs to manage the organizational structure of the enterprise, you can connect the IdP to SASE: LDAP, DingTalk, WeCom, Lark, and Identity as a Service (IDaaS).
Configure a user group
For more information, see Configure a user group.