Enforce Email Quarantine Portal logins using your company's own identity provider (IdP)

Article ID: 440008

Updated On:

Products

Email Security.cloud

Issue/Introduction

Symantec by Broadcom uses AuthHub for both Single Sign-on (SSO) and federation of user accounts. AuthHub is a policy-driven authentication and authorization service used by Broadcom (SiteMinder/VIP) for securing enterprise applications. Email Security.cloud and Email Quarantine Portal customers can now choose to register with AuthHub using any valid email address or to federate their corporate IdP with AuthHub.

Environment

Email Security.cloud

Cause

Because AuthHub is already the underlying technology used for signing in to Symantec Accounts, you do not need to configure AuthHub itself (as you do for a partner IdP). After Symantec Account SSO is set up, it can be used for other Symantec products. If a user already has an existing login for a different Symantec product, then the user can continue to use that login rather than setting up a new account for Email Security.cloud.

Resolution

Users who are new to ClientNet or the Email Quarantine Portal--or are newly federated--must have accounts created for them by an administrator so that their access roles can be assigned.
 
Creating a new user:

1 - In the portal, navigate to Dashboard > Administration > User Management and click Create New User.

2 - On the User Details tab, ensure that Federated User is selected.
 

Note: Federated User does not appear until Federated login only is enforced at the portal level. If you are not yet enforcing federated logins, then the only option is to select Portal user and then ignore the account activation email.

Service user should be selected only when you intend to use the credentials you are adding to call APIs and use standalone ClientNet-related tools. Service user credentials cannot be used to access the ClientNet portal.
 
Once you have configured SSO/federation with a partner IdP and migrated all of your users, the final step is to enforce federation at the portal level. Enforcing federation automatically disables all other sign-in methods for users of that portal. Do not perform the steps below until you have configured federation with your IdP and all of your users have used the migration wizard to link their pre-federation accounts to federated ones.
 
3 - In the ClientNet portal, navigate to Dashboard > Administration > Access Control.

4 - Use the slider to turn federation on or off for all ClientNet portal users.