A built-in identity provider can be configured to service authentication methods that do not require a connector installed behind a firewall. The connector is installed in outbound connection mode and does not require the inbound firewall port 443 to be opened.

The connector establishes an outbound-only connection (using websockets) with the cloud service, and receives authentication requests over this channel.

Authentication methods that are configured on a connector deployed behind the DMZ in an outbound-only connection mode can be associated to the identity provider when you configure a built-in identity provider.

The following connector authentication methods can be configured.

• Password (cloud deployment)
• RSA Adaptive Auth (cloud deployment)
• RSA SecurID (cloud deployment)
• RADIUS (cloud deployment)

After you configure the authentication methods, you then must create access policies to apply to these authentication methods.