How Users are Configured for Authentication

To create users, go to System > Security > Users > <user>. Then, specify user authentication properties to authenticate users through an external IdP or using native authentication. In this example, a user is configured to authenticate through Okta.

The System Security user configuration page has a grid with row headings that have a blue background with blue text and can be expanded to display fields with a white background and black text. Under the Authentication row heading, the External Authentication Provider field has Okta selected, and the External Provider User Name field has an Okta email address.

TIP: You can load some authentication properties by file. See Load Authentication Properties by File.

Load Authentication Properties by File

You can include the following external IdP properties in an XML load file that you import into System Security to configure users for authentication:

  • External provider

  • External provider user name

We suggest creating the load file using the security Excel templates provided with the Sample Templates MarketPlace solution. In the Security Template, on the Instructions tab, step 2 of User Security Design includes externalAuthProviderName and externalUserName.

Authentication with an External Identity Provider

To authenticate a user with an external IdP, complete the following fields:

  • External Authentication Provider – The configured identity provider, such as Salesforce or Okta. The selections available are determined by the security configuration and reflect the "Display Name" defined, during implementation, in the IdP's scheme.

  • External Provider User Name – The username defined in the external IdP. This name must match the username in the IdP and be used by only one user. For example, if a user's name for Okta is OktaUser@okta.com, specify OktaUser@okta.com as the External Provider User Name.

    NOTE: Multiple users cannot have the same external provider user name.

    NOTE: The default claims used to authenticate a user account with an external IdP are name identifier, email, and subject. Custom claims are also available. You can set up custom claims when you add or edit an identity provider in the Identity & Access Management Portal. See Identity Providers. Contact Customer Support if needed.
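A pre-import check for the load file described under Load Authentication Properties by File, enforcing the one-user-per-external-name rule above. This is an added example, not code from the product or its templates. Only the attribute names externalAuthProviderName and externalUserName come from this page; the element layout, the name attribute, the "(Not Used)" file value and the case-insensitive comparison are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NOT_USED = "(Not Used)"  # assumption: the file may carry the UI label or an empty value

# Constructed sample; the element names and the "name" attribute are assumptions.
SAMPLE = """<security>
  <users>
    <user name="alice" externalAuthProviderName="Okta" externalUserName="alice@example.com"/>
    <user name="bob" externalAuthProviderName="Okta" externalUserName="Alice@Example.com"/>
    <user name="carol" externalAuthProviderName="Okta" externalUserName=""/>
    <user name="dave" externalAuthProviderName="(Not Used)" externalUserName=""/>
    <user name="erin" externalAuthProviderName="" externalUserName="erin@example.com"/>
  </users>
</security>"""

AUTH_ATTRS = ("externalAuthProviderName", "externalUserName")

def check_load_file(xml_text):
    """Return a sorted list of (user, problem) tuples found in the load file."""
    problems = []
    seen = defaultdict(list)  # case-folded external user name -> local users
    for el in ET.fromstring(xml_text).iter():
        # Match on the attributes rather than on an element name we cannot confirm.
        if not any(a in el.attrib for a in AUTH_ATTRS):
            continue
        user = el.get("name", "<unnamed>")
        provider = el.get("externalAuthProviderName", "").strip()
        ext_name = el.get("externalUserName", "").strip()
        uses_idp = provider not in ("", NOT_USED)
        if uses_idp and not ext_name:
            problems.append((user, "provider set but external user name is blank"))
        if not uses_idp and ext_name:
            problems.append((user, "external user name set but no provider selected"))
        if ext_name:
            seen[ext_name.casefold()].append(user)
    # Two local accounts mapped to one IdP identity is the case the NOTE forbids.
    for users in seen.values():
        if len(users) > 1:
            for user in users:
                others = ", ".join(u for u in users if u != user)
                problems.append((user, "external user name shared with: " + others))
    return sorted(problems)

if __name__ == "__main__":
    for user, problem in check_load_file(SAMPLE):
        print(f"{user}: {problem}")
```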


Native Authentication

To configure users for native authentication and native login, modify user accounts in System Security, setting External Authentication Provider to Not Used, as shown in the following image. Before you can configure user accounts, you must submit a Support ticket to request that an environment be prepared for native authentication.

The System Security user configuration page has a grid with row headings that have a blue background with blue text and can be expanded to display fields with a white background and black text. Under the Authentication row heading, the External Authentication Provider field has (Not Used) selected, and the External Provider User Name field is blank.

Similarly, work with Support to later disable native authentication and user accounts as needed.