How to Setup SSO to the SonicWall CSE Command Center

During your Zero-Trust Journey, you may find it easier to configure SSO for you and your other SonicWall Cloud Secure Edge (CSE) administrators to access the Comand Center via Single Sign-On. This guide will walk through a simple SAML connection from scratch. Some products such as Okta and EntraAD may have pre-configured catalog applications for quick and easy setup. 

Notes: Cloud Secure Edge products that are MySonicWall integrated must have admin IDP updated in MySonicWall

https://www.sonicwall.com/support/knowledge-base/mysonicwall-external-idp-integration/230213055453220/.

Below, we will guide you through the SonicWall CSE configuration for Command Center SSO providing the steps for the actions taken there. The steps for the Identity Provider may vary from provider to provider. Please contact your respective vendor's support team if you require assistance configuring SAML within your Identity Provider. 

1. On the CSE Command Center, navigate to Settings > Identity and Access > Admin. 
   
   
   
   
2. Locate the Sign-On Method drop-down and choose SAML 2.0 as shown below:
   
   
   
   Make note of the Redirect URL (SAML ACS) value provided by this page
   
   
   
   
3. Prepare your Identity Provider to configure a new SAML application for the target group of users who should have admin access to the CSE Command Center. 
   
   Then use the copied value from the previous step to fill out the Assertion Consumer Service URL(s) and the Service Providers Entity ID or their equivalent. 
   
   NOTE: Some Identity Providers may use different terminology for the ACS and Service Provider EntityIDs. Please refer to your Identity Provider's SAML documentation for the specific terms of the Identity product you are using. 
   
   
   
4. Then map the Subject of the SAML assertion to the NameID format for SAML 2.0 EmailAddress with the value matching the user's corporate email address. 
   
   NOTE:  Some Identity Providers may use different terminology for the Subject's NameID Format and its mapping to a user attribute. Please refer to your Identity Provider's SAML documentation for the specific terms of the Identity product you are using. 
   
   
   
   
   
5. The configuration to your Identity Provider is now complete, it is time to configure the remaining items on the SonicWall Command center. Enter your Identity Provider's EntityID into the "IDP Issuer" field in the Command Center. 
   
   NOTE: Some Identity Providers may use different terminology for the IDP EntityID. Please refer to your Identity Provider's SAML documentation for the specific terms of the Identity product you are using. 
   
   
6. Copy the Metadata URL or Metadata XML from your Identity Provider. Then fill out either the "IDP Metadata URL" or "IDP Raw Metadata (XML)" field.
   
   NOTE: The configuration below is for visual example only. You only need to fill out one of these two fields.
   
   
   
   
7. Finally, click "Update" and Confirm your changes once your configuration is complete. 
   
   
   
   

Further Reading

Single Sign-On Documentation

Managing Administrators