End User Authentication Overview
Juniper Secure Edge provides an end-user authentication service that is tenant-aware and internet-facing. The authentication service is responsible for authenticating users using the preferred authentication methods configured by the administrator.
Administrators must authenticate the remote (roaming) users using any one of the following supported authentication methods:
- Hosted Database—Use a database hosted on Juniper Secure Edge for authentication and authorization.
- SAML—Connect to an identity provider (IdP) of your choice over the Internet for authentication. Authentication through the IdP uses the Security Assertion Markup Language (SAML) 2.0 framework.
- LDAP—Connect to your organization’s Active Directory service over the Internet for authentication.
For user-based firewall policies that use group membership, you must first install a Juniper Identity Management Service (JIMS) Collector on your network. See Juniper Identity Management Service Overview.
The user is redirected to a login page that offers the authentication methods configured by the tenant administrator.
When all three authentication methods are configured, the user can authenticate using the method of their choice. For SAML authentication, click Single Sign-On (SSO); for Hosted DB and LDAP authentication, click the E-mail/Password button. If both Hosted DB and LDAP are configured and the user enters a username and password, the order of authentication is: (1) Hosted DB, (2) LDAP.