A built-in identity provider can be configured to service authentication methods that do not require a connector installed behind a firewall. The connector is installed in outbound connection mode and does not require the inbound firewall port 443 to be opened.
The connector establishes an outbound-only connection (using websockets) with the cloud service, and receives authentication requests over this channel.
Authentication methods that are configured on a connector deployed behind the DMZ in an outbound-only connection mode can be associated to the identity provider when you configure a built-in identity provider.
The following connector authentication methods can be configured.
Password (cloud deployment)
RSA Adaptive Auth (cloud deployment)
RSA SecurID (cloud deployment)
RADIUS (cloud deployment)
After you configure the authentication methods, you then must create access policies to apply to these authentication methods.