Reference Material | Cloud accounts
As part of the customer account setup process for Specops Authentication, you will be asked to create a Cloud account. A Cloud account differs from a domain account, as it does not directly connect to the on-premises component, known as the Gatekeeper, and therefore it does not have access to Active Directory. There are certain scenarios in which a Cloud account can be used in place of a domain account:
- During account creation: The initial setup of a customer account occurs before the Gatekeeper has been installed. As part of the setup process, you will be required to create a Cloud account. This Cloud account will be used to complete the setup until the Gatekeeper has been installed. Once the Gatekeeper has been installed, you will be able to use your domain account to access Specops Authentication.
- If the download package/activation code is lost: If you have misplaced the download package or activation code, you can retrieve them by signing in to Specops Authentication using your Cloud account credentials.
- Issues with the Gatekeeper: If the connection to the Gatekeeper is lost and you cannot use your domain account, for example, because the Gatekeeper has been uninstalled, or the server on which the Gatekeeper is installed stops working, you can access Specops Authentication using your Cloud account instead.
What permissions apply to a Cloud account?
A Cloud account has read access to all the pages in the Admin section of Specops Authentication Web, as well as full control over the Account and Gatekeeper pages. This means it has the permission to create and delete Cloud Accounts, as well as the permission to create and unregister Gatekeepers.
How does authentication work for a Cloud account?
The authentication process works in the same way for both cloud and domain accounts. You must enroll with one or more identity services and then authenticate with these in order to access the Admin pages in Specops Authentication Web.
Note: In the current version, the required identity services are Cloud Account Password and Mobile Code. When you enroll for a cloud account, you will be asked to enroll with these identity services.
What information is stored for Cloud accounts?
The email address, mobile phone number, and hash of the password associated with each Cloud account is stored in a database hosted in the Cloud, and can only be accessed by the system. No Cloud account information is stored in Active Directory.