Secure Access Service Edge: Configure an IdP combination

Last Updated: Nov 22, 2024

If your enterprise uses multiple identity providers (IdPs) to manage its organizational structure, such as a DingTalk IdP and a Lightweight Directory Access Protocol (LDAP) IdP, you can group the IdPs into an IdP combination and enable the IdP combination in Secure Access Service Edge (SASE). This way, users of all IdPs in the combination can log on to the SASE client. This topic describes how to configure an IdP combination.

Prerequisites

Before you configure an IdP combination, make sure that at least two single IdPs are configured.

Procedure

  1. Log on to the SASE console. In the left-side navigation pane, choose Identity Authentication and Management > Identity Access.

  2. On the IdP Management page, click the IdP Management tab. On the tab, click Add IdP.

  3. In the Add IdP panel, set the Authentication Type parameter to IdP Combination and configure the parameters. The following table describes the parameters.

    Parameter: Enterprise IdP
    Description: The IdP list displays information about the created LDAP, WeCom, Lark, DingTalk, and custom IdPs. You can select the IdPs based on your business requirements. You can add up to five single IdPs to an IdP combination.

    Parameter: Configuration Name
    Description: The name of the IdP combination. The name must be 2 to 100 characters in length and can contain letters, digits, hyphens (-), and underscores (_).

    Parameter: Description
    Description: The description of the IdP combination.

    Parameter: IdP Configuration Status
    Description: Specifies whether to enable the IdP combination. Valid values:

    • Enabled: If no IdP is enabled, you can enable the created IdP combination. If an IdP or IdP combination is enabled, you must disable the IdP or IdP combination before you can enable another IdP or IdP combination.

    • Disabled: You can disable the created IdP combination and enable it later. This is the default value.

      Important: If you turn off IdP Configuration Status, users cannot access office applications by using the SASE client. Proceed with caution.

  4. Click OK.

    After the configuration is complete, the IdP combination is displayed in the IdP list.
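The limits in the parameter table and the one-enabled-at-a-time rule can be checked before the change is made in the console. The following is an added example, not Alibaba Cloud code and not a SASE API: the inventory dictionary, the function name plan_combination, the ASCII reading of "letters", and the two-member minimum (taken from the prerequisite) are assumptions.

```python
import re

# Name rule from the parameter table: 2 to 100 characters; letters, digits,
# hyphens and underscores. Assumption: "letters" is read as ASCII letters.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{2,100}")
MAX_MEMBERS = 5  # "up to five single IdPs"
MIN_MEMBERS = 2  # assumption, taken from the prerequisite of two single IdPs


def plan_combination(inventory, name, members, enable=False):
    """Return (errors, steps) for a planned IdP combination.

    inventory is a hypothetical hand-written copy of the IdP list:
    {idp_name: {"type": str, "enabled": bool}}.
    """
    errors, steps = [], []
    if not NAME_RE.fullmatch(name):
        errors.append("name must be 2-100 chars of letters, digits, '-' or '_'")
    if len(set(members)) != len(members):
        errors.append("duplicate member")
    if not MIN_MEMBERS <= len(members) <= MAX_MEMBERS:
        errors.append(f"need {MIN_MEMBERS}-{MAX_MEMBERS} single IdPs, got {len(members)}")
    for m in members:
        idp = inventory.get(m)
        if idp is None:
            errors.append(f"{m}: not in the IdP list")
        elif idp["type"] == "combination":
            errors.append(f"{m}: only single IdPs can be members")
    if errors:
        return errors, steps
    steps.append(f"Add IdP: Authentication Type = IdP Combination, name {name}, status Disabled")
    if enable:
        # Only one IdP or combination can be enabled, so the active one is disabled first.
        for other, idp in inventory.items():
            if idp["enabled"]:
                steps.append(f"Disable {other} (users cannot access office applications until the next step)")
        steps.append(f"Enable {name}")
    return errors, steps


# Constructed sample inventory for illustration.
SAMPLE = {
    "corp-ldap": {"type": "LDAP", "enabled": True},
    "corp-dingtalk": {"type": "DingTalk", "enabled": False},
    "old-combo": {"type": "combination", "enabled": False},
}
```

With the sample inventory, enabling a new combination yields three ordered steps, and the second one marks the interval in which no IdP is enabled.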

Disable an IdP combination

On the IdP Management tab, find the IdP combination that you want to manage and turn off the switch in the Status column.

View the information about an IdP combination

On the IdP Management tab, find the IdP combination that you want to manage and click Details in the Actions column.

Delete an IdP combination

On the IdP Management tab, find the IdP combination that you want to manage and click Delete in the Actions column.

Modify the information about an IdP combination

On the IdP Management tab, find the IdP combination that you want to manage and click Edit in the Actions column.

References

Configure a SASE IdP

If your enterprise does not use a third-party IdP, you can establish an organizational structure by using a custom IdP provided by SASE. For more information, see Configure a SASE IdP.

Connect a third-party IdP

If your enterprise uses one of the following IdPs to manage the organizational structure of the enterprise, you can connect the IdP to SASE: LDAP, DingTalk, WeCom, Lark, and Identity as a Service (IDaaS).

Configure a user group

For more information, see Configure a user group.