TIBCO Cloud Federated Authentication
The TIBCO Cloud Federated Authentication feature allows users to sign in to TIBCO Cloud by using their federated credentials. In TIBCO Cloud, you can configure a custom Identity Provider (IdP) to authenticate user credentials instead of relying on the IdP provided by TIBCO. After a custom IdP is configured and enabled for an email domain, all users in that email domain can sign in to TIBCO Cloud using their federated credentials.
TIBCO Cloud currently supports the following types of external IdPs:
- Google
- External SAML SSO Server
- LDAP
- JWT-based OAuth for REST-based OEM solutions (RFC 7521)
Benefits of Using a Custom IdP
Configuring a custom IdP has the following benefits:
- Eliminates the need for users to create and maintain an additional account with TIBCO
- Enhances compliance with customer's security policies such as password strength, password aging, credential revocation, and auditing
- Reduces the risk of a security breach by keeping the authentication process in the customer's on-premises systems
Points to be Noted
- Users who receive invitations to join TIBCO Cloud need not set up a password with TIBCO if their email domain has a custom IdP configured and enabled. They can continue to use their corporate login to sign up. They can also use their corporate login to make a credit card purchase for a domain capability.
- TIBCO does not manage the account lockout and password policies for the users of an organization for which an external IdP or LDAP has been configured.
- After you send a request for permission to enable signing in by using your federated credentials, you can cancel your request before it is approved.
- After you enable Enterprise SSO, new users are not issued a password by TIBCO Accounts. Instead, they are redirected to your IdP.
- If you cannot sign in to TIBCO Cloud to make Enterprise SSO changes, you can contact TIBCO Support. They can disable the mandatory sign-in for you, and then you can make the desired changes.