Skyhigh Security

Configure SAML Authentication for Secure Web Gateway

Use your own Identity Provider and share authentication and identity information with Secure Web Gateway in the form of SAML assertions.

To configure SAML authentication, you need the following information:

  • Service provider's entity ID
  • Identity Provider's entity ID
  • URL of your Identity Provider
  • Name of attribute that uniquely identifies users
  • Name of attribute that lists group memberships
  • Certificate to verify signed SAML responses and assertions
  • Names of one or more domains that identify your organization

For SAML authentication to succeed, the values you configure for SAML settings must exactly match in Skyhigh CASB and in your Identity Provider service.

  1. In Skyhigh CASB, click the Settings icon.
  2. Select Infrastructure > Web Gateway Setup.
  3. Click New SAML.
  4. Provide a name for the SAML configuration, then provide values for these SAML settings:
    • Service Provider's Entity ID — Unique identifier assigned to Secure Web Gateway by your organization. The Identity Provider uses this value to identify SAML requests sent by WSGS.
    • URL of SAML Identity Provider — Specifies the URL of the SAML service provided by your Identity Provider. Secure Web Gateway redirects SAML requests to this URL. Ask your Identity Provider for the URL.
    • Identity Provider Must Sign SAML Response — If your Identity Provider signs the SAML response, select this checkbox. When it's selected, WSGS verifies that all SAML responses are signed by the Identity Provider.
    • Identity Provider Must Sign SAML Assertion — If your Identity Provider signs the SAML assertion in the SAML response, select this checkbox. When it's selected, Secure Web Gateway verifies that all SAML assertions are signed by the Identity Provider.
    • Identity Provider's Entity ID — Unique identifier assigned to the Identity Provider by your organization. Secure Web Gateway uses this value to identify SAML responses sent by the Identity Provider.
    • User ID attribute in SAML response — Specifies the name of the attribute that uniquely identifies the user. Secure Web Gateway uses this setting when it extracts the user ID from the SAML assertion.
    • Group ID attribute in SAML response — Specifies the name of the attribute whose value is a list of group names. Secure Web Gateway uses this setting when it extracts group membership information from the SAML assertion. The service uses this information when applying group policies.
    • Identity Provider Certificate — Click Upload Certificate, browse for the certificate file provided by your Identity Provider, then click Open. Secure Web Gateway uses this certificate to verify the signatures of SAML responses and assertions signed by the Identity Provider. The supported certificate file types are .cer, .crt, and .pem.
  5. Configure a list of domain names, one per line. Secure Web Gateway uses these values to identify your organization.
  6. Click Save.
    The named SAML configuration is saved.

You can publish saved changes to the cloud now or keep working and publish later.
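
A pre-flight check for the exact-match requirement above, as an added example that is not part of Skyhigh's documentation: it reads the Identity Provider's SAML 2.0 metadata and compares it, string for string, with the values you plan to enter. The `planned` dictionary keys, the sample metadata, and the `idp.example.com` names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: metadata of a hypothetical IdP. The certificate body is a
# placeholder string, not a real certificate.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQt
        UExBQ0VIT0xERVI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def pem_body(pem):
    """Base64 body of a PEM certificate, without BEGIN/END lines or whitespace."""
    lines = (line.strip() for line in pem.splitlines())
    return "".join(line for line in lines if not line.startswith("-----"))

def idp_values(metadata_xml):
    """Extract what the IdP publishes: entity ID, SSO URLs, signing certificates."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    certs = ["".join((c.text or "").split())
             for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")
             for c in k.iterfind(".//ds:X509Certificate", NS)]
    urls = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "sso_urls": urls, "signing_certs": certs}

def check_planned(planned, metadata_xml):
    """Return the names of planned settings that disagree with the IdP metadata."""
    idp, problems = idp_values(metadata_xml), []
    if planned["idp_entity_id"] != idp["entity_id"]:  # exact match, no normalization
        problems.append("idp_entity_id")
    if planned["idp_url"] not in idp["sso_urls"]:
        problems.append("idp_url")
    if pem_body(planned["cert_pem"]) not in idp["signing_certs"]:
        problems.append("certificate")
    if not (planned["require_signed_response"] or planned["require_signed_assertion"]):
        problems.append("no_signature_required")  # neither signing checkbox selected
    return problems
```

An empty list means the planned Identity Provider entity ID, URL, and certificate agree with the metadata and at least one signing requirement is selected; a trailing slash or case difference in an entity ID is reported as a mismatch.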