SAML Bypass List For G Suite and ULA rules

Description

"SAML Bypass List For G Suite" is an Address Group auto-generated by SonicOS when G Suite is the IDP provider for SAML. 

Depending on several factors (like the country from where the IDP was created, or the end-user OS) additional FQDN's might need to be manually created and added to this group in order to avoid issues during redirections to the login page. 

Resolution

#1 - The following FQDN address objects should be created in the WAN zone:

  • www.gstatic.com
  • fonts.gstatic.com
  • ssl.gstatic.com
  • accounts.google.fr (if the IDP was created from France) OR 
    accounts.google.es (if the IDP was created from Spain) OR 
    accounts.google.co.in (if the IDP was created from India) and so on

#2 - Go to OBJECTS/Match Objects/Addresses/Address Groups and edit the group named "SAML Bypass List For G Suite" and add the new FQDN objects created in step #1

   

 

Related Articles

  • How to use www.pkitools.net for Resigning the DPI SSL Client Certificate.
    Read More
  • SSLVPN authentication with SAML and Google Workspace
    Read More
  • Certificate error when accessing certain websites when Client DPI-SSL is Enabled
    Read More

Categories

Firewalls
NSa Series
Firewalls
NSsp Series
Firewalls
TZ Series
not finding your answers?
Ask the Community