Once you have set up an IdP proxy in Secure Cloud Access, you can create a cloud authentication policy to restrict access. By default, all logins are allowed, but you can configure a policy to deny access by user, user group, device, OS, IP address, or location. You can apply authentication control to sanctioned and unsanctioned cloud applications.

Any cloud authentication policies you create will be triggered only if you have the IdP proxy set up in Secure Cloud Access.

To create a cloud authentication policy, see Creating cloud authentication policies.

For information about configuring Secure Cloud Access to enable SSO, see the next section, Enterprise Authentication - enabling SSO.