The enterprise administrator uses the enterprise IdP to manage the identities and permissions of federated users. An identity conversion rule is used to map the identities and permissions of federated users to those in the cloud system. The cloud system uses the rule to control which operations federated users can perform and which resources they can access.
The Modify Identity Provider page is displayed.
After an IdP is created successfully, the cloud system will preconfigure a default rule. This rule converts the usernames of federated users to FederationUser, which is displayed in the cloud system. This rule only allows the federated users in the current IdP to access certain resources. If this default rule does not meet your requirements, you can click Edit Rule to modify it.
For example, set a rule for an enterprise system administrator:
After the rules are edited, you can click Verify Rule in the lower left corner of the page to verify that they are correct.