You can configure SAML authentication alone or add a SAML configuration to a location that has IP range, IPsec, or GRE mapping configured. Skyhigh Web Security Gateway Service uses SAML to authenticate requests received from the IP address ranges or through the IPsec or GRE tunnel configured for the location.
WSGS supports multiple named SAML configurations with or without the location information provided by IP range, IPsec, or GRE mapping.
SAML alone versus SAML with location information
There are some differences between SAML authentication alone and SAML combined with IP range, IPsec, or GRE mapping.
|Difference||SAML alone||SAML with location information|
|Location information||No location information is provided.||Location information is provided by IP range, IPsec, or GRE mapping.|
|Proxy port||Web requests are sent to dedicated SAML port 8084.||Web requests are sent to HTTP/HTTPS ports 80 and 443.|
|Logon requirement||Users are prompted to log on using an email address.||No logon is needed.|
SAML authentication steps
SAML authentication alone and SAML with IP range, IPsec, or GRE mapping share most authentication steps. Only the initial steps are different.
|SAML alone||SAML with location information|
Shared SAML authentication steps