In This Article


An Identity Source is a structured directory of objects (users, groups, computers, etc.) that Clearlogin uses to look up and verify the validity of an authentication attempt.  Clearlogin has its own internal directory that can be used as an identity source, or Clearlogin can be configured to use one or more of the following identity sources:

Identity Source Priority

Identity Source Priority determines the order in which a user's authentication attempt will hit each Identity Source. Clearlogin will go through each identity source until the user's credentials are matched with the credentials in an identity source.  If no matching credentials are found in any of the identity sources, then the authentication attempt will fail.

There are 10 priority slots for your identity sources with a priority of 1 being the highest priority and 10 being the lowest priority.  If you set two or more identity sources to the same priority, the identity sources will be queried from the oldest creation date (first) to the newest creation date (last).

Best practice is to set a priority order with the largest identity source with the highest priority and the smallest identity source with the lowest priority.

A primary use case for identity source priorities is having multiple connections to the same directory

For example, you can configure Clearlogin with 2 identity sources (2 domain controllers) that are members of the same Active Directory forest.  Just make the higher priority identity source a connection to your primary domain controller, and the lower priority identity source a connection to your secondary domain controller.  This way Clearlogin has the ability to authenticate your users when the primary domain controller is not available.

Keep in mind that identity source priority can affect authentication speed, which affects the end-user experience.  Although it should be barely noticeable, the lower the priority, the longer it may take to login.  This is because Clearlogin will try against each identity source in order of priority until it hits a source with matching credentials.  Therefore, if a user signs in with credentials that will match the identity source with a priority of 5, the user will have to wait for their login attempts to fail with sources 1-4.  Normally the effect of this is minimal, but it is worth calling out.

Access Tags

Identity Source Access Tags are used to scope Access Rules and Applications to the user accounts in the identity source.  Under normal conditions you would use the name of an Identity Source as the name of the Access Tag.  However, this can be overridden with a custom name for the access tag.

For example, if the identity sources have long descriptive names, you can abbreviate them with a custom name for the access tags.

  • No labels