• Cloud Edge Secure Access
• Welcome to SonicWall Cloud Edge!
• Prerequisites
• Installation
  • Accessing the Client Management Console
  • Installation Methods
• Networks
  • Understanding Networks
  • SDP Networks
  • Regions and Gateways
    • Adding a region
    • Adding a gateway
  • Connecting Infrastructure
    • Prerequisites
    • Site-to-Site Connections
    • IPsec Tunnel
    • WireGuard Connector
    • Connect On-Prem Resources
      • Firewalls
        • SonicWall
    • Connect Cloud Resources
      • Amazon AWS
        • AWS Virtual Gateway
        • AWS Transit Gateway
      • Alibaba Cloud
      • Microsoft Azure
      • Google Cloud Platform
      • Heroku Enterprise
      • IBM Cloud
      • Docker
• Groups and Members
  • Members
    • Inviting Members
    • Password Requirements
    • Managing Roles
  • Groups
    • Managing Groups
    • Identity Provider Groups
  • Identity Providers (IdP)
    • Integrate Identity Providers
    • Azure AD
      • Azure Active Directory (SAML 2.0)
      • Azure Active Directory
    • Google Suite
      • Google Services
      • Google Apps (SAML 2.0)
    • On-Premises Active Directory
    • SAML 2.0
      • Generic SAML
      • Active Directory Federation Services (ADFS)
      • Auth0
      • Okta
      • OneLogin
      • PingIdentity
      • JumpCloud
• Securing the Platform
  • Securing Networks
    • Segmenting Networks
    • Device Posture Check
    • Network Traffic Control
    • Firewall-as-a-Service
  • Securing User Access
    • Multi-Factor Authentication
      • MFA Authentication
      • DUO Security
    • Agent-less Access
      • Zero Trust Application
        • HTTP/HTTPS
        • RDP (Remote Desktop Protocol)
        • SSH (Secure Shell)
        • VNC (Virtual Network Computing)
      • Zero Trust Policies and Rules
    • Agent-based Access
      • SonicWall Agents
        • Downloading and Installation
      • Agents Configuration
        • User-Groups Policies
        • Managing Configurations
        • General Configurations
        • Network Configuration
        • OS-Specific Configurations
• Monitoring
  • Activity Tracking
    • Activities and Logs
    • Member Devices
  • Monitoring Dashboard
  • Integrations
    • Amazon S3
    • Azure Sentinel
    • Splunk Cloud
• Compliance
  • HIPAA
  • GDPR
  • SOC 2 Type 2
• SonicWall Support
  • About This Document

Generic SAML

This article describes how SonicWall Cloud Edge allows users to authenticate against an external IdP using the Security Assertion Markup Language (SAML) protocol. The platform can automatically manage the IdP added Members and assign them to IdP correlating Groups.

• Introduction to SAML
• Integration with a generic SAML IdP
• Configuring SonicWall Cloud Edge

Introduction to SAML

SAML-based federation involves two parties:

An identity provider (IdP): authenticates users and provides to Service Providers an Authentication Assertion if successful.

A service provider (SP): relies on the Identity Provider to authenticate users.
SonicWall Cloud Edge supports the SAML protocol and can serve as the service provider for users that are authenticated by different IdPs.

During the login process, Members will be redirected to the IdP in order to authenticate. Once the user is authenticated, the SonicWall Cloud Edge will get a SAML assertion and associate the Member with the appropriate role and policies.

Integration with a SAML IdP

In order to integrate with a SAML IdP, you will need to create a dedicated SonicWall Cloud Edge application within your SAML IdP.

Most of the IdPs will require the following information when creating a new application:

• Single sign-on URL: https://auth.sonicwalledge.com/login/callback?connection=tenantname-oc
• Audience URI (SP Entity ID): urn:auth0:sonicwall-production:tenantname-oc

Remember to replace tenantname with your actual tenant name

In order to map the IdP members correctly the following attributes have to be passed to the platform:

IdP Attribute	SonicWall Cloud Edge Mapping
Email Address	email
First Name	given_name
Last Name	family_name

Should you require to pass group memberships to SonicWall Cloud Edge:

IdP Object	SonicWall Cloud Edge Mapping
Groups	groups

Once the application is created you'll be provided with the following information:

• X.509 Certificate
• IdP Sign-in URL

Configuring SonicWall Cloud Edge

You need to configure the integration from the SonicWall Cloud Edge side.

1. Log in to your SonicWall Cloud Edge Management Platform, and navigate to Settings and then Identity Providers.

2. Select + Add Provider.

   

3. Select SAML 2.0 Identity Cloud.
4. Fill in the Sign In URL provided by the IdP.
5. Add your organization domains.

6. Paste the X.509 Certificate provided by the IdP.

   

7. Select Save.

Access Error troubleshooting

If your users are getting access error after the configuration, please check these steps.