SAML authentication requires configuration in your identity provider, on the endpoints in your organization, and in Skyhigh CASB.
Configure your identity provider
For SAML authentication with WGCS, configure your identity provider to use this URL:
Because the cloud service consumes SAML assertions sent by the identity provider, this setting is known as the Assertion Consumer Service (ACS) URL.
Configure the endpoints
Deploy the default CA provided by Skyhigh Security to the endpoints.
For SAML authentication without IP range, IPsec, or GRE mapping, configure the browsers on the endpoints to
send web requests to port 8084, as follows:
Configure Skyhigh CASB
Configuring SAML authentication for WGCS in Skyhigh CASB includes these overall tasks:
- Configure the SAML authentication settings during setup.
- (Optional) Add a SAML configuration to a location with IP range, IPsec, or GRE mapping configured.
You need Administrator | Setup & Configuration permissions to access the Web Gateway Setup UI and configure SAML authentication.