Built-in IdP settings


AppGate ZTNA has three built-in IdPs with some settings that should be edited:

  • Connector. A simplified IdP used by client instances running within the Connector appliance. Not all fields for the Connector IdP are required.

NOTE

You must add IP pools before you can use Connector appliances.

  • Service. A simplified IdP used by the Kubernetes (k8s) service client instances running within containers. Not all fields are required. See the service users section to manage the users.

NOTE

You must add IP pools before you can use k8s service client instances.

Go to the Identity Providers page (Identity > Identity Providers) and select each IdP to view its settings.

Connector IdP configuration

To view settings for the Connector IdP, go to the Identity Providers page and select the IdP with the Type Connector.

See the General IdP settings section for information on editing the IP Pools and Claims fields.

NOTE

Scripted (formerly on-demand) device claims are not available.

Local IdP configuration

To view settings for the Local IdP, go to the Identity Providers page and select the IdP with the Type Local.

See the General settings section for information on editing the Sign-in Settings fields. Then edit the following fields for the Local IdP:

  • Sign-in Attempts Limit. Enter the number of sign-in attempts allowed before the user is blocked.

NOTE

This limit can also be set for SSH access. Refer to SSH command line administration.

  • Sign-in Lockout Duration (in minutes). Enter the number of minutes the user must wait before attempting to sign in again.

  • Minimum Password Length. Enter the minimum password length for local users. Enter 0 for no limit.

See the General settings section for information on editing the Client Settings fields, IP Pools fields, and Claims fields.

Service IdP configuration

To view settings for the Service IdP, go to the Identity Providers page and select the IdP with the Type Service.

See the General settings section for information on editing the Sign-in Settings fields. Then edit the following fields for the Service IdP:

NOTE

MFA at Sign-in and admin access are not available.

  • Sign-in Attempts Limit. Enter the number of sign-in attempts allowed before the user is blocked.

NOTE

This limit can also be set for SSH access. Refer to SSH command line administration.

  • Sign-in Lockout Duration (in minutes). Enter the number of minutes the user must wait before attempting to sign in again.

  • Minimum Password Length. Enter the minimum password length for local users. Enter 0 for no limit.

See the General settings section for information on editing the Client Settings fields, IP Pools fields, and Claims fields.