by Pradip Koli

In today's digital landscape, managing user access efficiently and securely is more crucial than ever. Enter Security Assertion Markup Language (SAML), a powerful standard that simplifies authentication across various applications. Whether you're an end user, employee, IT professional or business owner, SAML offers a streamlined solution that enhances security while reducing the hassle of managing multiple passwords.
Fewer passwords help decrease user password fatigue and simplify the process for IT teams to manage access. With SAML's integrated capabilities, organizations can improve onboarding, offboarding and policy enforcement.
SonicOS 7.2.0 supports the following SAML single sign-on (SSO) use cases:
1. User Identity
2. Firewall Administration or Management Access
3. Remote Access VPN (SSLVPN)

SAML enables organizations to authenticate users before they access any resources. A typical scenario involves verifying a user's identity before they connect to the internet through the firewall. This is achieved by configuring user-level authentication (ULA) via the firewall access rules. This allows organizations to apply appropriate firewall policies, track user activity and ensure compliance.
With SAML, users can use credentials from their organization's identity provider (IdP) – a service that manages users’ digital identities – instead of local user accounts on the firewall. This makes identifying irregular activities easier and ensures that only authorized users are connected.

IT teams can now use SAML integration to manage firewall access using their organizational/domain credentials. This eliminates the need for local admin accounts, resulting in enhanced security, improved auditing and simplified troubleshooting. By centralizing management under a single authentication system, the IdP, IT teams can operate more effectively, reducing the risk of unauthorized access.

Previously, to connect and access private resources via SSLVPN, employees had to rely on local accounts created on the firewall, or the admins had to import users or respective groups from LDAP onto the firewall. Local user accounts often lead to management complexities and can become cumbersome, especially in larger organizations. Although importing users via LDAP is more straightforward than local accounts, it requires constant synchronization between the LDAP server and the firewall. Additionally, if the LDAP server experiences downtime or other issues, users may lose access to critical resources, disrupting business operations.
In contrast, using SAML integration for SSLVPN mitigates these issues. SAML allows users to authenticate using a single set of credentials from their organization's IdP. This approach drives consistency in the access process and the authentication policies applied across the organization.

SonicOS 7.2.0 introduces the capability to configure multiple IdPs.
This feature is invaluable for organizations where different entities must connect to the firewall. For instance, a Managed Service Provider (MSP) can establish their organization's IdP for firewall administration and management tasks. At the same time, the end customer sets up their own IdP for secure resource access via SSLVPN for employees. This dual configuration ensures that both parties can operate independently yet securely.
Enhancing security and simplifying user access can significantly improve an organization's efficiency. If you're interested in implementing SAML with SonicOS 7.2.0, don't hesitate to contact our experts. For more information on Gen7, please read our blog.
Take the next step towards a more secure and seamless authentication experience today!
An Article By
Pradip Koli