Using SAML SSO for User Identity via ULA (User Level Authentication)

SAML enables organizations to authenticate users before they access any resources. This is achieved by configuring user-level authentication (ULA) via the firewall access rules.

Ensure that you have configured SAML for HTTPs Management Service (for user login) on the respective interface, for more information on configuration, refer to the section Configuring SAML.

To use SAML SSO for User Identity

1. Navigate to Policy > Access Rule.
   

2. Click Edit on the access rule of interest that allows access to a resource ( e.g., internet) intended only for authenticated users.

3. In the Editing Rule dialog box, select the User & TCP/UDP tab.
   
   

4. In the Include field, select Trusted Users.

5. Check the box – Authenticate via SAML.

6. In the SAML Profile field, select your profile.

7. Click Save.
   

   Ensure that user login is enabled on the respective interface.

   Example - To verify user login on X0 interface go to Network > Interfaces > hover over X0 interface and click Edit and ensure User Login via HTTPS is enabled.

   

8. To verify SAML SSO for User Identity, for the users requiring authentication can access the resource from their computer.

   For example, if user authentication is required for internet access via the default LAN to WAN allow rule, you can access https://www.sonicwall.com from the authenticated user's computer.

9. To proceed, accept all certificate warnings.

10. On the IdP login page, enter the username and password.

    The SonicWall web page is displayed. The user can seamlessly connect to the Internet via UTM box.