End User Single Sign-On for Forcepoint Web Security Cloud

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

End User Single Sign-On for Forcepoint Web Security Cloud

End User Single Sign-On for Forcepoint Web Security Cloud

Forcepoint Web Security Cloud / End User Single Sign-on for Forcepoint Web Security Cloud

The end user single sign-on feature (SSO) allows seamless authentication for end users browsing via Forcepoint Web Security Cloud, using a supported identity provider (IdP). When enabled, the cloud service uses your identity provider to authenticate user identity, attributes, and roles using your enterprise directory.

Single sign-on is a convenient and secure way of sharing logon credentials across your estate, streamlining the authentication process across multiple systems, and providing seamless authentication in cases where the Forcepoint Web Security Endpoint cannot be used. Forcepoint uses the Security Assertion Markup Language (SAML 2.0) data format to send authentication requests to and receive responses from your identity provider. All communications between components are secured.

When single sign-on is enabled, end users are redirected to the identity provider specified in their policy when connecting to the proxy. Once users have been authenticated by the provider, they are directed back to the proxy, and the appropriate policy applied to their web request. Clients who have authenticated once do not need to re-authenticate for a set period of time.

This document covers the following topics:

Supported identity providers

Configuration steps

How single sign-on works

Authentication for roaming or remote users

SSO with tunneling

Auto-provisioning

Authentication decryption

Limitations and recommendations

Troubleshooting

Supported identity providers

Single sign-on is a standards based service that supports any identity provider that supports the SAML 2.0 standard. Following is a partial list of the currently supported providers.

Microsoft Active Directory Federation Services

Microsoft Azure Active Directory

Oracle Identity Federation


	Note Single sign-on can be used with pure cloud or hybrid solutions. Some of the providers listed above are not supported for use with Forcepoint Web Security Hybrid Module. Please contact Technical Support for details of currently supported identity providers for hybrid. This document covers configuring single sign-on for the cloud service.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

End User Single Sign-On for Forcepoint Web Security Cloud

Copyright 2022 Forcepoint. All rights reserved.