Cloud Email Gateway
Protection allows you to control the way that
end users access the End User Console.
On the Logon Methods screen, you can enable or
disable the following logon methods:
-
Local Account LogonIf this method is enabled, end users can log on to the End User Console with their user name and password of the local managed accounts they have registered on the End User Console. Enforcing two-factor authentication adds an extra layer of security to the end user accounts.
-
Single Sign-OnOnce you enable single sign-on (SSO) and complete required settings, end users can log on to the End User Console through SSO with their existing identity provider credentials. You can create multiple SSO profiles so that different end users can log on to the End User Console from different identity provider servers through SSO.When creating an SSO profile, you need to specify the domains to which the profile applies. Assume that subaccount A manages domain A, B and C, subaccount B manages domain B, subaccount C manages domain C, and subaccount D manages My organization. The operations that these subaccounts can perform on each SSO profile are as follows:SSO profileApplied to DomainsAvailable operations by subaccountProfile 1Domains A and B
-
Subaccount A: read, edit, and delete
-
Subaccount B: read only
-
Subaccount C: cannot read, edit or delete
-
Subaccount D: read, edit, and delete
Profile 2Domain C-
Subaccount A: read, edit, and delete
-
Subaccount B: cannot read, edit or delete
-
Subaccount C: read, edit, and delete
-
Subaccount D: read, edit, and delete
Profile 3My organization-
Subaccount A: read only
-
Subaccount B: read only
-
Subaccount C: read only
-
Subaccount D: read, edit, and delete
Cloud Email Gateway Protection currently supports the following identity providers for SSO:-
Microsoft Active Directory Federation Services (AD FS)
-
Microsoft Entra ID
-
Okta
-