
BlastShield Documentation

Identity providers

Introduction

BlastShield™ is SCIM 2.0 enabled and supports integration with identity providers such as Okta, Azure AD and One Identity. With SCIM support, user accounts are created automatically in BlastShield™ when new user accounts are assigned to the SCIM application in the IdP. User account status and user information are then updated automatically in BlastShield™ whenever they change in the IdP. BlastShield™ also supports OIDC (OpenID Connect), so that the SSO of the IdP can be used to authenticate users when they register with the Orchestrator.

Simplify the control of user identity and facilitate bulk onboarding and management of users

BlastShield's identity provider integration provides you with a single source of user identity which is derived directly from the user directory of the identity provider. There is no user maintenance required on the BlastShield™ side, since all user creation and updates are made in the identity provider itself, except for the occasional authentication reset if a user changes their mobile device.

Integration with an identity provider allows bulk onboarding of users and user groups from the identity provider without manual provisioning of new users in the Orchestrator, which makes it easy to onboard large numbers of new users and place them into policies. User groups created in the identity provider are simply synchronized with BlastShield™ and provisioned directly using the SCIM interface.
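
The provisioning lifecycle described above (an account created on assignment in the IdP, then its status updated from the IdP), shown as an added example that is not BlastShield code: a minimal in-memory receiver for generic SCIM 2.0 messages as defined in RFC 7643 and RFC 7644. The store, the function names and the sample user are assumptions; BlastShield's own SCIM endpoints and attribute handling are not described on this page.

```python
# Added illustration: generic SCIM 2.0 messages (RFC 7643/7644), constructed here.
# Not BlastShield's API; the store, function names and sample user are hypothetical.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimError(Exception):
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status

def create_user(store, body):
    """POST /Users: sent by the IdP when a user is assigned to the SCIM app."""
    name = body.get("userName")
    if USER_SCHEMA not in body.get("schemas", []) or not name:
        raise ScimError(400, "core User schema and userName are required")
    if any(u["userName"].lower() == name.lower() for u in store.values()):
        raise ScimError(409, "userName already exists")  # uniqueness conflict
    uid = str(len(store) + 1)
    store[uid] = {"id": uid, "userName": name, "active": body.get("active", True)}
    return store[uid]

def patch_user(store, uid, body):
    """PATCH /Users/{id}: status changes, e.g. deactivation via active=false."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ScimError(400, "missing PatchOp schema")
    if uid not in store:
        raise ScimError(404, "no such user")
    user = dict(store[uid])  # copy, so a rejected operation changes nothing
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":
            raise ScimError(400, "only 'replace' is handled here")
        # Both forms occur: path="active" with a value, or a value object.
        changes = {op["path"]: op["value"]} if "path" in op else op["value"]
        for attr, value in changes.items():
            if attr != "active":
                raise ScimError(400, "attribute not handled: " + attr)
            if isinstance(value, str):  # some clients send the boolean as text
                value = value.strip().lower() == "true"
            user["active"] = bool(value)
    store[uid] = user
    return user

def demo():
    """Constructed lifecycle: assign a user in the IdP, then unassign them."""
    store = {}
    u = create_user(store, {"schemas": [USER_SCHEMA], "userName": "alice@example.com"})
    patch_user(store, u["id"], {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Replace", "path": "active", "value": "False"}]})
    return store[u["id"]]
```

When testing an integration, the deactivation path is the one to verify first: an account that stays active after it is unassigned in the IdP defeats the purpose of a single source of identity.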

Authentication options

There are two options for user authentication when you use an external identity provider.

  1. Authenticate using the BlastShield™ Mobile Authenticator app.

  2. Authenticate using the SSO of your identity provider.

These options are configured globally and will therefore apply to all users provisioned by the identity provider.