Configuring SAML Parties to Work Together
SAML authentication requires configuration in your identity provider, on the endpoints in your organization, and in Skyhigh CASB.
The following sections explain each of these configuration activities in more detail. For more information, see Configure SAML Authentication for Secure Web Gateway.
Configure your identity provider
For SAML authentication with WGCS, configure your identity provider to use this URL:
https://saml.wgcs.skyhigh.cloud/saml
Because the cloud service consumes SAML assertions sent by the identity provider, this setting is known as the Assertion Consumer Service (ACS) URL.
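To confirm the identity provider is set up with this ACS URL, you can inspect a decoded SAML response from a test sign-in. The following is an added example, not Skyhigh code: it assumes the identity provider writes the ACS URL into the standard SAML 2.0 `Destination` and `Recipient` attributes, and the function names and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ACS_URL = "https://saml.wgcs.skyhigh.cloud/saml"  # ACS URL given on this page
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def acs_mismatches(response_xml, expected=ACS_URL):
    """Return (location, value) pairs that are not exactly the expected ACS URL.

    Configuration sanity check only: it does not verify signatures, and for
    XML from an untrusted source a hardened parser should replace ElementTree.
    """
    root = ET.fromstring(response_xml)
    problems = []
    dest = root.get("Destination")  # a missing attribute (None) is reported too
    if dest != expected:
        problems.append(("Response/@Destination", dest))
    confirmations = root.findall(".//saml:SubjectConfirmationData", NS)
    if not confirmations:
        problems.append(("SubjectConfirmationData", None))
    for scd in confirmations:
        recipient = scd.get("Recipient")
        if recipient != expected:  # exact match: a trailing slash is a mismatch
            problems.append(("SubjectConfirmationData/@Recipient", recipient))
    return problems


def sample_response(destination, recipient):
    """Constructed sample, trimmed to the elements the check reads."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{destination}">
  <saml:Assertion><saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{recipient}"/>
    </saml:SubjectConfirmation>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    print(acs_mismatches(sample_response(ACS_URL, ACS_URL)))
    print(acs_mismatches(sample_response(ACS_URL, ACS_URL + "/")))
```

An empty list means both attributes carry the ACS URL exactly; any entry names the attribute to correct in the identity provider configuration.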
Configure the endpoints
Deploy the default CA provided by Skyhigh Security to the endpoints.
For SAML authentication without IP range, IPsec, or GRE mapping, configure the browsers on the endpoints to send web requests to port 8084, as follows:
c<customer_id>.wgcs.skyhigh.cloud:8084
Configure Skyhigh CASB
Configuring SAML authentication for WGCS in Skyhigh CASB includes these overall tasks:
- Configure the SAML authentication settings during setup.
- (Optional) Add a SAML configuration to a location with IP range, IPsec, or GRE mapping configured.
Permissions
You need Administrator | Setup & Configuration permissions to access the Web Gateway Setup UI and configure SAML authentication.