Secure Mobile Access 100 10.2 Administration Guide

Technical Documentation>  Configuring Secure Mobile Access>  Portals Configuration>  Portals > Domains>  Adding a Domain with SAML 2.0 Authentication
Table of Contents

Adding a Domain with SAML 2.0 Authentication

Security Assertion Markup Language (SAML) is a standard protocol used by web browsers to enable Single Sign- On (SSO) through secure tokens.

SAML eliminates the need for passwords during sign-in by implementing a secure method of passing user authentications and authorizations between the identity provider and service providers. When a user logs into a SAML enabled application, the service provider requests authorization from the appropriate identity provider. The identity provider authenticates the user’s credentials and then returns the authorization for the user to the service provider, and the user is now able to use the application.

SAML 2.0 specifies a Web Browser SSO Profile that involves exchanging information among an identity provider (IDP), a service provider (SP), and a principal (user) on a web browser. SMA100 works as a Service Provider (SP); Microsoft Azure Active Directory and one login server work as Identity Providers.

To add a domain with SAML 2.0 authorization

Prerequisite: You need to add the SMA application to an IDP that you wish to use as the SMA Authentication server. For information on adding the SMA application to an IDP and configuring SAML authentication on your SMA appliance, see Configuring SAML Authentication.

  1. In the SMA management interface, navigate to Portals > Domains.

  2. On the Domains page, click ADD DOMAIN.

  3. Select SAML 2.0 Identity Provider from the Authentication type drop-down menu.

  4. Enter a descriptive name for the authentication domain in the Domain Name field.

    This is the domain name users select to log in to the Secure Mobile Access user portal. It can be the same value as the Server address field.

  5. Enter the SAML entity ID of the appliance in the Appliance ID field.
  6. Enter the SAML entity ID of the IDP in the Server ID field.
  7. Enter the HTTP/S URL where IDP hosts the SAML SSO service in the Authentication service URL box.
  8. Enter the HTTP/S URL where IDP hosts the SAML logout service in the Logout service URL box.
  9. From the Trusted Certificates drop-down box, select the SAML certificate (used for SAML message verification) downloaded from the IDP server. The SAML certificates that can be selected are uploaded under System > Certificates > SAML certificates.
  10. Enter the customized username for SAML users in the User Name box.
  11. Enter the custom name for groups in the Group Name box.
  12. Select the appropriate portal in the Portal Name box.
  13. Configure all the other optional fields displayed in the page.
  14. Click Submit.