Secure Mobile Access 12.4 CMS Administration Guide

Configuring Your SMA Appliance to be a SAML IdP

For your SMA appliance to operate as a Identity Provider, trust needs to be established between the application and your SMA appliance.

For more information, see “Using Your SMA Appliance as a SAML Identity Provider” in the SMA 12.4.1 Administration Guide.

SMA and CMS is enhanced to support SAML authentication for Administrators. Also, SMA is enhanced to support group membership details over SAML authentication and users without on-premise Active Directory can now have group level management.

Prior to SMA 12.4.1 version, group membership details of users are not available to SMA when using SAML IdP authentication.

For more information on how to configure user group support in SAML authentication, refer to Configuring SAML Authentication Servers section of SMA 12.4.1 Administration Guide.

To configure your SMA appliance to be SAML IdP

  1. In the CMS, navigate to the Managed Appliances > Configure > Define Policy page.
  2. In the User Access section, click SAML Identity Provider.

  3. Select Enable SAML 2.0 Identity Provider service to enable the SMA appliance as an Identity Provider.
  4. In the Entity ID field, enter the URL that uniquely identifies your SAML Identity Provider.

    For example

  5. Set the value in the Assertion validity field for the time allowance (in seconds) that the application should accept for assertions from your SMA appliance.
  6. In the Endpoint FQDN field, specify an FQDN to which the application will send SAML requests.

    You will need to configure a WorkPlace site in order to customize the FQDN.

  7. The Signing certificate field displays the location of the certificate used by the IdP to sign its SAML messages. The certificate is automatically selected based on the Endpoint FQDN. (You can configure certificates in the SSL Settings > SSL Certificates page.

    For more information, see “Certificates” in the SMA 12.4.1 Administration Guide).

  8. Click the Export button to export the SAML metadata to an XML file that can be imported when configuring applications to accept your SMA appliance as an Identity Provider.
  9. Click Save.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.