A built-in identity provider can be configured to service authentication methods that do not require a connector installed behind a firewall. The connector is installed in outbound connection mode and does not require the inbound firewall port 443 to be opened.
The connector establishes an outbound-only connection (using websockets) with the cloud service, and receives authentication requests over this channel.
Authentication methods that are configured on a connector deployed behind the DMZ in an outbound-only connection mode can be associated to the identity provider when you configure a built-in identity provider.
The following connector authentication methods can be configured.
- Password (cloud deployment)
- RSA Adaptive Auth (cloud deployment)
- RSA SecurID (cloud deployment)
- RADIUS (cloud deployment)
After you configure the authentication methods, you then must create access policies to apply to these authentication methods.