Skip to main content

Tutorial: Use CloudConnexa with a Mix of Authentication Methods

Abstract

Configure CloudConnexa to use Multiple Authentication Methods (MAM) — authenticate employees via SAML/SSO while external users sign in with CloudConnexa username and password plus 2FA, all within the same WPC.

Overview

This tutorial shows you how to configure different authentication methods for different users while allowing everyone to securely access your private network. If your WPC uses SAML/SSO for employees but you need to onboard external users — such as contractors, auditors, or partners — without adding them to your identity provider, you can run both authentication methods simultaneously in the same WPC.

This configuration uses Multiple Authentication Methods (MAM) to allow employees to authenticate with SAML while external users authenticate with CloudConnexa Username & Password, with optional two-factor authentication (2FA).

Before you begin

Before starting this tutorial:

  • You have a CloudConnexa WPC configured.

  • SAML authentication is already configured for your employees.

  • You have Owner or Administrator permissions.

  • You have the names and email addresses of the external users you want to add.

  • You've created a User Group for the external users.

  • You've created the Network with the private network resources the external users should be allowed to access.

Procedure

  1. Enable MAM. For instructions, refer to How to enable MAM.

  2. Enable 2FA for CloudConnexa Username & Password users. Refer to Set 2FA for Users.

  3. Add the external users to your WPC. Refer to Add Users. When creating each user:

    • Assign the user to the User Group for external users.

    • Select Send invitation email. The invitation email includes the Cloud ID, username, temporary password, and instructions for connecting.

  4. Create an Access Group that uses the external users' User Group as the Source and the private network resources they need as the Destination. For instructions, see Add an Access Group

Result

Employees continue to authenticate using SAML/SSO, while external users authenticate using CloudConnexa Username & Password. External users can access only the resources allowed by the Access Group you created.

See also