Configuring User Authentication for Barracuda Cloud Control Access
Before users can access Barracuda Networks products through Barracuda Cloud Control (BCC), you must decide how they will be authenticated and added to the Barracuda Product Access List. This is done through an Identity Provider (IdP) or by creating local accounts in BCC.
There are four authentication methods to choose from, each designed for different organizational needs and infrastructure setups. These options are listed in order of recommendation.
Which Option Should I Choose?
Use this table to quickly pick the right approach for your environment:
Option | Best for | Key characteristics |
|---|---|---|
Most enterprise and production deployments | Central IdP (Entra ID, Okta, Duo, etc.) for SSO, policies, and lifecycle management | |
Microsoft‑centric environments with Entra ID and on‑prem AD/AD FS | Entra ID plus Entra Connect (PHS or PTA) for cloud sign-ins with your existing AD setup | |
On-premises directories without a cloud IdP | Direct authentication against LDAP (AD, OpenLDAP, etc.) | |
Labs, evaluations, or small environments | Standalone BCC accounts independent of corporate identity systems |
1. SAML Integration
Recommended for most enterprise deployments.
SAML connects BCC to your existing Identity Provider (Microsoft Entra ID, Okta, Duo, etc.) for Single Sign-On. Users authenticate once through your IdP with their corporate credentials, and your IdP sends BCC a secure token confirming their identity. BCC then grants access without requiring a separate password.
Benefits:
Single Sign-On across all enterprise applications
Centralized enforcement of MFA and conditional access policies
Automated user provisioning and de-provisioning through your IdP
For configuration details, see How to Configure SAML Single Sign-On for Barracuda Cloud Control.
2. Microsoft Entra ID (Azure AD) Federation
Best for Microsoft-centric environments.
Entra ID federation is designed for organizations using Microsoft Entra ID with an on-premises Identity Provider (IdP), such as AD FS. Microsoft Entra Connect synchronizes your on-premises directory to the cloud using Password Hash Synchronization (PHS) or Pass-through Authentication (PTA). When users sign in to BCC, Entra ID validates their credentials against your AD infrastructure and grants access without BCC ever seeing the password.
Benefits:
Native integration with Microsoft 365 and Azure services
Apply existing Entra ID policies, groups, and Conditional Access rules
Maintain on-premises AD as your identity source while enabling cloud access
For configuration details, see Microsoft Entra ID with Active Directory Federation Services.
3. LDAP Directory Integration
For on-premises directory environments.
LDAP integration allows BCC to authenticate users directly against your corporate directory (Active Directory, OpenLDAP, etc.). When users sign in, BCC sends their username and password to your directory server over LDAP, and the directory checks the credentials and confirms whether access should be granted.
Benefits:
Direct authentication against your existing directory infrastructure
Centralized user management without requiring a cloud IdP
Works with Active Directory, OpenLDAP, and other LDAP-compliant directories
For configuration details, see LDAP Active Directory and Microsoft Entra ID.
4. Individual User Accounts
For labs and small deployments.
Individual user accounts allow users to create standalone BCC accounts with credentials managed directly in BCC. Users create their own usernames and passwords, and BCC stores and validates these credentials internally; no external identity system is required.
Benefits:
Quick setup with no external infrastructure
Ideal for testing, labs, and proof-of-concept environments
No directory or IdP configuration required
For configuration details, see Create a Barracuda Cloud Control Account.