
External Identity providers

Introduction

BlastShield™ is SCIM 2.0 enabled and supports integration with identity providers such as Okta, Azure AD and One Identity. SCIM support allows user accounts to be created automatically in BlastShield™ when new user accounts are assigned to the SCIM application in the IdP. User account status and user information are automatically updated in BlastShield™ based on updates in the IdP. BlastShield™ supports OIDC (OpenID Connect) to authenticate users through the SSO of the IdP for user registration with the Orchestrator.

Simplify the control of user identity and facilitate bulk onboarding and management of users

BlastShield's identity provider integration provides you with a single source of user identity which is derived directly from the user directory of the identity provider. There is no user maintenance required on the BlastShield™ side, since all user creation and updates are made in the identity provider itself, except for the occasional authentication reset if a user changes their mobile device.

Integration with an identity provider allows bulk onboarding of users and user groups from the identity provider without manual provisioning of new users in the Orchestrator, which makes it easy to onboard large numbers of new users and place them into policies. User groups created in the identity provider are simply synchronized with BlastShield™ and provisioned directly using the SCIM interface.

Authentication options

There are two options for user authentication when you use an external identity provider.

  1. Authenticate using the BlastShield™ Mobile Authenticator app.

  2. Authenticate using the SSO of your identity provider.

These options are configured globally and will therefore apply to all users provisioned by the identity provider.

In this section:

Configure Azure AD as an external identity provider

Configure Okta as an external identity provider

Register a new user created by an external identity provider - Mobile Authenticator app

Remote User Access using an SSO credentials for user authentication
