End User Single Sign-On for Forcepoint Web Security Cloud
The end user single sign-on feature (SSO) allows seamless authentication for end users browsing via Forcepoint Web Security Cloud, using a supported identity provider (IdP). When enabled, the cloud service uses your identity provider to authenticate user identity, attributes, and roles using your enterprise directory.
Single sign-on is a convenient and secure way of sharing logon credentials across your estate, streamlining the authentication process across multiple systems, and providing seamless authentication in cases where the Forcepoint Web Security Endpoint cannot be used. Forcepoint uses the Security Assertion Markup Language (SAML 2.0) data format to send authentication requests to and receive responses from your identity provider. All communications between components are secured.
When single sign-on is enabled, end users connecting to the proxy are redirected to the identity provider specified in their policy. Once users have been authenticated by the provider, they are directed back to the proxy, and the appropriate policy is applied to their web request. Clients who have authenticated once do not need to re-authenticate for a set period of time.
This document covers the following topics:
Supported identity providers
Configuration steps
How single sign-on works
Authentication for roaming or remote users
SSO with tunneling
Auto-provisioning
Authentication decryption
Limitations and recommendations
Troubleshooting
Supported identity providers
Single sign-on is a standards-based service that works with any identity provider that supports the SAML 2.0 standard. The following is a partial list of the currently supported providers.
Google IdP
Microsoft Active Directory Federation Services
Microsoft Azure Active Directory
Okta
OpenAM
Oracle Identity Federation
PingFederate
Note
Single sign-on can be used with pure cloud or hybrid solutions. Some of the providers listed above are not supported for use with Forcepoint Web Security Hybrid Module. Please contact Technical Support for details of currently supported identity providers for hybrid.
This document covers configuring single sign-on for the cloud service.
Copyright 2022 Forcepoint. All rights reserved.