Views:
Cloud Email Gateway Protection allows you to control the way that end users access the End User Console.
On the Logon Methods screen, you can enable or disable the following logon methods:
  • Local Account Logon
    If this method is enabled, end users can log on to the End User Console with their user name and password of the local managed accounts they have registered on the End User Console. Enforcing two-factor authentication adds an extra layer of security to the end user accounts.
  • Single Sign-On
    Once you enable single sign-on (SSO) and complete required settings, end users can log on to the End User Console through SSO with their existing identity provider credentials. You can create multiple SSO profiles so that different end users can log on to the End User Console from different identity provider servers through SSO.
    When creating an SSO profile, you need to specify the domains to which the profile applies. Assume that subaccount A manages domain A, B and C, subaccount B manages domain B, subaccount C manages domain C, and subaccount D manages My organization. The operations that these subaccounts can perform on each SSO profile are as follows:
    SSO profile
    Applied to Domains
    Available operations by subaccount
    Profile 1
    Domains A and B
    • Subaccount A: read, edit, and delete
    • Subaccount B: read only
    • Subaccount C: cannot read, edit or delete
    • Subaccount D: read, edit, and delete
    Profile 2
    Domain C
    • Subaccount A: read, edit, and delete
    • Subaccount B: cannot read, edit or delete
    • Subaccount C: read, edit, and delete
    • Subaccount D: read, edit, and delete
    Profile 3
    My organization
    • Subaccount A: read only
    • Subaccount B: read only
    • Subaccount C: read only
    • Subaccount D: read, edit, and delete
    Cloud Email Gateway Protection currently supports the following identity providers for SSO:
    • Microsoft Active Directory Federation Services (AD FS)
    • Microsoft Entra ID
    • Okta