Views:
Cloud Email Gateway Protection allows you to control the way that end users access the End User Console.
On the Logon Methods screen, you can enable or disable the following logon methods:
  • Local Account Logon
    If this method is enabled, end users can log on to the End User Console with their user name and password of the local managed accounts they have registered on the End User Console. Enforcing two-factor authentication adds an extra layer of security to the end user accounts.
  • Single Sign-On
    Once you enable single sign-on (SSO) and complete required settings, end users can log on to the End User Console through SSO with their existing identity provider credentials. You can create multiple SSO profiles so that different end users can log on to the End User Console from different identity provider servers through SSO.
    When creating an SSO profile, you need to specify the domains to which the profile applies. Assume that subaccount A manages domain A, B and C, subaccount B manages domain B and subaccount C manages domain C. The relationship between SSO profiles, managed domains and subaccount permissions are as follows:
    SSO Profile
    Managed Domains
    Subaccount Permission
    Profile 1
    Domains A and B
    • Subaccount A: read and edit
    • Subaccount B: read only
    • Subaccount C: cannot read, edit or delete
    Profile 2
    Domain C
    • Subaccount A: read and edit
    • Subaccount B: cannot read, edit or delete
    • Subaccount C: read and edit
    Profile 3
    All domains
    • Subaccount A: read only
    • Subaccount B: read only
    • Subaccount C: read only
    Cloud Email Gateway Protection currently supports the following identity providers for SSO:
    • Microsoft Active Directory Federation Services (AD FS)
    • Microsoft Entra ID
    • Okta
Related information