Configuring SAML Parties to Work Together

SAML authentication requires configuration in your identity provider, on the endpoints in your organization, and in Skyhigh CASB.

Configure your identity provider

For SAML authentication with WGCS, configure your identity provider to use this URL:

Because the cloud service consumes SAML assertions sent by the identity provider, this setting is known as the Assertion Consumer Service (ACS) URL.

Configure the endpoints

Deploy the default CA provided by Skyhigh Security to the endpoints.

For SAML authentication without IP range, IPsec, or GRE mapping, configure the browsers on the endpoints to send web requests to port 8084, as follows:


Configure Skyhigh CASB

Configuring SAML authentication for WGCS in Skyhigh CASB includes these overall tasks:

  1. Configure the SAML authentication settings during setup.
  2. (Optional) Add a SAML configuration to a location with IP range, IPsec, or GRE mapping configured.


You need Administrator | Setup & Configuration permissions to access the Web Gateway Setup UI and configure SAML authentication.

