Configuring a SAML server
To configure a SAML server:
- Go to Security > Firewall Objects.
- Select SAML Servers from the User & Device dropdown.
- Click Create or select an existing server from the list and click Edit.
- In the form, enter the following information:
Settings Guidelines
Name
Enter the display name for this server.
SP Settings
SAML service provider (SP) settings. Obtain these values from your service provider.
Entity ID
Enter the identifier URL for the SP used to identify the issuer of the SAML request. This URL must be provided to the IdP.
Certificate
Optionally, select the certificate used to sign the SAML messages that the SP sends to the IdP.
Single Sign-on URL
The single sign-on URL tells the IdP and the end user where to send the SAML assertion for login. This URL must be provided to the IdP.
Single Sign-out URL
The logout URL tells the IdP and the end user where to send the logout request. If set, this URL must be provided to the IdP.
IdP Settings
SSO identity provider (IdP) settings. Obtain these values from your IdP.
Entity ID
Enter the URL of your IdP entity identifier. The name of this field on your provider may vary.
Certificate
Select the SAML signing certificate from the IdP.
To make the certificate available:
- Obtain the certificate from your IdP.
- Request that your service provider upload the certificate to the firewall.
- Your service provider imports the certificate to your account.
Single Sign-on URL
Enter the sign-on endpoint URL as provided by your IdP.
Single Sign-out URL
Enter the sign-out endpoint URL as provided by your IdP.
Additional SAML Attributes
Attribute used to identify users
Specify the name of the attribute for a user within the SAML assertion statement. This value is case-sensitive.
Attribute used to identify groups
Specify the name of the attribute for a group within the SAML assertion statement. This value is case-sensitive.
- Click Save.
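Because the user and group attribute names are case-sensitive, a configured name that differs from the IdP's only in capitalization will not match. The check below is an added example, not part of the original documentation or the product: it compares configured attribute names against the AttributeStatement of a decoded assertion. The sample assertion, the attribute names, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement of a decoded SAML assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Group">
      <saml:AttributeValue>vpn-users</saml:AttributeValue>
      <saml:AttributeValue>admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_attribute(configured_name, attrs):
    """Compare a configured attribute name with the assertion, exact case.

    Returns ("ok", values), ("case_mismatch", [names the IdP actually sent])
    or ("missing", []).
    """
    if configured_name in attrs:
        return "ok", attrs[configured_name]
    near = [n for n in attrs if n.lower() == configured_name.lower()]
    if near:
        return "case_mismatch", near
    return "missing", []


if __name__ == "__main__":
    sent = assertion_attributes(SAMPLE_ASSERTION)
    # Hypothetical configured values for the two "Additional SAML Attributes" fields.
    for field, name in (("users", "username"), ("groups", "group")):
        print(field, name, *check_attribute(name, sent))
```

A `case_mismatch` result means the name entered in the form should be changed to the exact spelling the IdP sends.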