In clouds with external authentication enabled any domain account will be able to login to the site. This gives the users access to the Interactive and codeless UI besides the reporting section of the site which will enable user to consume licenses for web cradles. In the "livestream" tab users in interactive sessions will be visible, despite the fact they are not existing the cloud site administration:

The user in the bottom is not part of the system administration's Users tab.


The customers' local IDP (Identity Provider) should be configured to restrict access to the URL of the cloud. Any user attempting to login with a functional domain account will be able to do so and access this portion of the cloud.

The security team on the customers's side should be engaged to allow/restrict access to the cloud URL in order to control the usage of the site.

Working in the flash UI will require the user to have account in System Administration.