SonicOS 7.2 SAML Feature Guide

Configuring the SAML Service Provider (SP)

Configure the SAML Service Provider first. The SAML Service Provider defines the service, bound to a specific firewall interface, that you want to link with SAML SSO login. “Service” refers to a specific use case such as SSL VPN or Web Management.

To configure the SAML Service Provider

  1. Navigate to Device > Users > Settings > SAML CONFIGURATION.

  2. Click the Configure button next to SAML Service Provider.

  3. In the SAML Service Provider dialog box, click + Add.

  4. In the SAML Service Provider dialog box, enter the following information.

  5. In the Name field, enter the name of the service provider.

  6. In the Type drop-down, select the type of identifier for the service provider.
    IP: Select IP if you want the SP URLs (such as the identifier/entity ID URL and the ACS URL) to be generated from an IP address. This is the IP address of the firewall interface associated with the service.
    Domain: Select Domain if you want the SP URLs, such as the identifier/entity ID URL and the ACS URL, to point to a specific domain name. Make sure that the necessary DNS configuration is in place so that this domain resolves to the firewall interface IP associated with the service.

  7. In the Address Object drop-down, select the address object associated with the service provider/firewall interface.

  8. In the Service drop-down, select the type of service that can utilize SAML for authentication.

    • HTTPS Management: Use this service to configure SAML for firewall administration or to enable SAML SSO for user identity via ULA.

    • SSLVPN: Use this service for authenticating users via SAML when they connect through SSLVPN. This applies to both client applications (like NetExtender or Mobile Connect) and when accessing the Virtual Office Portal.
      For example: in the SAML Service Provider screenshot, the "firewall.domain.com" domain is linked to the HTTPS Management service. Configure the DNS settings in your environment so that "firewall.domain.com" resolves to the IP address of the appropriate firewall interface, such as the X0 interface.

    The information you configure for the Service Provider generates the following inputs needed on the IDP side:
    - Identifier ID, also known as Entity ID
    - Reply URL, also known as ACS URL

  9. Click Save.
  10. On the SAML Service Provider dialog box, the last entry displays the newly created service provider.

    To export SP metadata, click Export SP Metadata for the Service Provider. For more information on exporting SP Metadata, refer to the section Exporting SP Metadata.

  11. Click Close.
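The Entity ID and ACS URL that the exported SP metadata hands to the IDP must match the identifier chosen in step 6 (IP or Domain); the following added example, which is not part of this guide and not SonicOS code, parses a standard SAML 2.0 SP metadata document and checks that both URLs use https and point at the configured host. The sample metadata, its paths (`/saml/metadata`, `/saml/acs`) and the signed-assertion check are constructed for illustration and are not SonicOS's actual export format.

```python
# Added example: parse an exported SP metadata file and check that the
# Entity ID and ACS URL match the identifier configured in the SP dialog.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample (standard SAML 2.0 metadata, not SonicOS's real export):
# an SP of Type=Domain bound to firewall.domain.com, as in the step 8 example.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://firewall.domain.com/saml/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://firewall.domain.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Extract the two values the IDP side needs: Entity ID and ACS URL."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    acs = sp.find("md:AssertionConsumerService", NS)
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "acs_binding": acs.get("Binding"),
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
    }

def check_sp_metadata(xml_text, expected_host):
    """Return a list of findings; empty means the export is consistent with
    the configured identifier (scheme https, host = configured Domain or IP)."""
    info = parse_sp_metadata(xml_text)
    findings = []
    for label in ("entity_id", "acs_url"):
        u = urlparse(info[label] or "")
        if u.scheme != "https":
            findings.append(f"{label} is not https: {info[label]!r}")
        if u.hostname != expected_host:
            findings.append(f"{label} host {u.hostname!r} != {expected_host!r}")
    if info["acs_binding"] != POST_BINDING:
        findings.append(f"unexpected ACS binding {info['acs_binding']!r}")
    if not info["want_assertions_signed"]:
        findings.append("SP does not require signed assertions")
    return findings
```

Run `check_sp_metadata(open("sp-metadata.xml").read(), "firewall.domain.com")` against the file exported in step 10; a host mismatch usually means the Type or Address Object in steps 6 and 7 does not match the DNS name you gave the IDP.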