How Users are Configured for Authentication
To create users, go to System > Security > Users > <user>. Then, specify user authentication properties, such as those shown below, to authenticate users through an external IdP or using native authentication. In this example, a user is configured to authenticate through Okta.
TIP: You can load some authentication properties by file. See Load Authentication Properties by File.
Load Authentication Properties by File
You can include the following external IdP properties in an XML load file that you import into System Security to configure users for authentication:
- External provider
- External provider user name
We suggest creating the load file using the security Excel templates provided with the Sample Templates MarketPlace solution. In the Security Template, on the Instructions tab, step 2 of User Security Design includes externalAuthProviderName and externalUserName.
Authentication with an External Identity Provider
To authenticate a user with an external IdP, specify the following, as shown below:
- External Authentication Provider – The configured IdP, such as Salesforce or Okta. The selections available are determined by the security configuration and reflect the "Display Name" defined, during implementation, in the IdP's scheme.
- External Provider User Name – The username defined in the external IdP. This name must match the name in the IdP and be used by only one user. For example, if a user's name for Okta is OktaUser@okta.com, specify OktaUser@okta.com as the External Provider User Name.
NOTE: Multiple users cannot have the same external provider user name.
NOTE: The default claims used to authenticate a user account with an external IdP are name identifier, email, and subject. Custom claims are also available. You can set up custom claims when you add or edit an identity provider in the Identity & Access Management Portal. See Identity Providers. Contact Customer Support if needed.
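The uniqueness rule above can be checked before a load file is imported. The following is an added example, not part of the product or its templates: it assumes the user rows have been exported to CSV with the externalAuthProviderName and externalUserName columns named in the Security Template plus a hypothetical name column, and it treats names that differ only by case as a collision (a conservative assumption, not documented behavior).

```python
import csv
import io
from collections import defaultdict

NOT_USED = "Not Used"  # provider value the page uses for native authentication

# Constructed sample rows; the "name" column and the CSV layout are assumptions.
SAMPLE_ROWS = """\
name,externalAuthProviderName,externalUserName
Alice,Okta,OktaUser@okta.com
Bob,Okta,oktauser@okta.com
Carol,Okta,
Dave,Not Used,
Erin,Salesforce,erin@example.com
"""


def check_external_users(csv_text):
    """Return a list of (user names, problem) findings for the given rows."""
    findings = []
    seen = defaultdict(list)  # normalized external user name -> local user names
    for row in csv.DictReader(io.StringIO(csv_text)):
        provider = (row.get("externalAuthProviderName") or "").strip()
        ext_name = (row.get("externalUserName") or "").strip()
        if not provider or provider == NOT_USED:
            continue  # native authentication: no external mapping to validate
        if not ext_name:
            findings.append(((row["name"],), "provider set but externalUserName is empty"))
            continue
        # Assumption: compare case-insensitively so near-identical names are flagged.
        seen[ext_name.casefold()].append(row["name"])
    for ext_name, users in sorted(seen.items()):
        if len(users) > 1:
            findings.append((tuple(users), f"externalUserName '{ext_name}' is shared"))
    return findings


if __name__ == "__main__":
    for users, problem in check_external_users(SAMPLE_ROWS):
        print(", ".join(users), "->", problem)
```

Resolve every finding before importing, since a shared or missing external user name leaves the mapping between an IdP identity and a user account ambiguous.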
Native Authentication
To configure users for native authentication and native login, modify user accounts in System Security, setting External Authentication Provider to Not Used, as shown below. Note that before you can configure user accounts, you must submit a Support ticket requesting that the environment be prepared for native authentication.
Similarly, work with Support to later disable native authentication and user accounts as needed.