Authentication methods
More information about available team authentication methods
Direct Relationship
Users can be directly related to a team from the User edit screen. This method is commonly used when a team does not use Email Domain or IP Addresses, or to authorize additional email addresses to a team (such as personal addresses for individual users).
Email Domain(s)
When a user authenticates to IdentityX via a consuming application, their email domain is checked against the email domains of teams within that application. If the email domain matches, the user is automatically granted access to that team's access levels, as if they were directly related.
For example, if a team used the email domain contoso.org, all users authenticating with that email domain will be granted access to the team, such as jane.doe@contoso.org or distribution-group@contoso.org.
This will not match subdomains -- each subdomain would need to be entered explicitly. For example, admin.contoso.org would need to be added to match joe@admin.contoso.org.
Internet Protocol (IP) Address(es)
Finally, if a request is detected from an originating IP address (or range) that matches a team, the request is treated as being a member of that team (even if no email/user is present).
IdentityX supports both single addresses or CIDR notations for IPv4 or IPv6 addresses. For example, the following entries are all valid team IP values:
138.42.234.1210.0.172.0/243.3.3.3/32fe80::/102001:db8:85a3::8a2e:370:7334/128
Last updated