Creating an Identity Provider Profile

A Service Provider keeps track of user subscriptions. Use an Identity Provider profile, which defines the properties pertaining to a service provider, to authenticate users using realm-based authentication and accounting services.

Complete the following steps to create an Identity Provider profile:

  1. From the navigation bar, select Network Control > Policies & Profiles.
  2. In the Policies & Profiles page, click the Identity Provider tile and click Add Identity Provider. Alternatively, in the Policies & Profiles page, click Add Policy or Profile, select the Identity Provider tile, and click Next.
    Adding an Identity Provider Profile
  3. In the Add Identity Provider page, under Network Identifier, enter the profile name and add an NAI realm. Click Add Realm. In the Add Realm sidebar, enter the realm information to configure the realm mapping to the authentication service. Enter a realm name and choose the Encoding (RFC-4282 or UTF-8) from the list, and then click Add.

    You can add another realm by selecting the Add another Realm checkbox.

    Note: Choose RFC-4282 encoding to handle user names during network authentication. Alternatively, choose UTF-8 encoding for text representation that is compatible with a broad range of languages and systems.
    1. Click Add EAP Method. The Add EAP Method sidebar appears. Select the EAP Method from the list. If you would like to add another authentication type for this EAP method, then click Add another Auth and select the Auth Type from the list. Enter the Vendor ID and Vendor Type, and then click Add. Click Next in the Add Identity Provider page.

      You can add another EAP method by selecting the Add another EAP Method checkbox. You can select up to four EAP methods.

      Adding an EAP Method
  4. (Optional) Add a Public Land Mobile Network (PLMN) Wi-Fi operator for the geographical location and a Roaming Consortium Organization Identifier (OI). For more information, refer to Identity Provider Overview.
  5. Click Add Realm. In the Add Realm sidebar, enter the realm information to configure the realm mapping to the authentication service. Enter a realm name and choose the Encoding (RFC-4282 or UTF-8) from the list, and then click Add.
  6. Under AAA Settings, select a preconfigured authentication server from the list or click Add Server to configure a primary authentication server. In the Add AAA Server dialog box, add an IP address, select the port number, and enter the Shared Secret, then click Add. Optionally, click Add Secondary Server to configure a secondary authentication server.
  7. (Optional) For Accounting Service, toggle the switch to ON to select an Accounting Server from the list or click Add Server to configure a primary accounting server. In the Add AAA Server dialog box, add an IP address, select the port number, and enter the Shared Secret, then click Add. Optionally, you can configure a secondary accounting server and click Next.
  8. Under Summary, review the settings and click Add to add the Identity Provider.
Up to 16 identity provider profiles can be created.