Configure Single Sign-On settings
 
Note 
The single sign-on feature uses a third-party identity provider that authenticates user identity, attributes, and roles using your enterprise directory. Single sign-on uses the Security Assertion Markup Language 2.0 (SAML 2.0) data format to send messages to and receive responses from your identity provider. All communications between components are secured.
If you already have an identity provider supported by the cloud service, you can configure your provider to authenticate users browsing via the cloud proxy, enabling seamless end-user login.
When single sign-on is enabled, end users connecting to the cloud proxy are redirected to your identity provider, if specified in their policy. Once a user has been authenticated against your directory service, they are directed back to the proxy and the appropriate policy is applied. Clients that have authenticated once do not have to re-authenticate for subsequent web browsing sessions for a specified period of time (see Session timeout).
To configure single sign-on:
1. Go to Web > Settings > Single Sign-on.
2. Mark Use identity provider for single sign-on.
3. For customers who had configured single sign-on prior to the introduction of the SAML 2.0 Compliant Identity Provider option, the previously selected identity provider is displayed and a drop-down list offers the original provider and SAML 2.0 Compliant Identity Provider. The vendor-specific options remain available strictly to support customers already using them. It is recommended that all customers select the generic option.
4.
   * If you select URL, locate the URL of your identity provider's metadata and enter it in the field provided.
   * If you select File upload, click Browse to locate the exported metadata file from your identity provider.
   If you have previously uploaded a metadata file, the file name and date and time of upload are displayed on the page.
5.
6.
7. Click Save.
When you click Save, the specified metadata source is validated. If it is found to be invalid, the cloud portal displays an error and restores the previous configuration. This means either reverting to the previous metadata source if one was configured, or disabling the Use identity provider for single sign-on checkbox if you are configuring single sign-on for the first time.
Once you have completed the setup on this page, you must do the following to complete single sign-on activation:
*
*
*
 
Note 

Copyright 2020 Forcepoint. All rights reserved.