The SAML 2.0 protocol supports any identity provider and authentication method, allowing you to use your own identity service with Skyhigh Web Security Gateway Service (WSGS).
The SAML specification defines these roles:
- Identity provider — Authenticates the user and provides SAML assertions affirming the user's identity. The identity provider is any identity service that your organization specifies.
- Service provider — Decides whether to provide the service requested by the user based on the identity information received from the identity provider. The user is requesting access to a web resource. As the service provider, WSGS forwards the user's request to the cloud with the identity information or blocks the request.
The identity provider and service provider communicate using a request-response protocol:
- SAML request — The service provider sends a request for authentication to the identity provider.
- SAML response — The identity provider sends the service provider a response with one or more SAML assertions.
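The request-response exchange described above, as an added example that is not Skyhigh's code or part of the original page. The entity IDs, user name, function names, and the forward/block checks are constructed for illustration, and the sketch assumes the response's XML signature has already been verified by a dedicated library.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = f'xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ID = "https://sp.example.test/saml"    # constructed service provider entity ID
IDP_ID = "https://idp.example.test/saml"  # constructed identity provider entity ID
TS = "%Y-%m-%dT%H:%M:%SZ"

def build_authn_request(now):
    """SAML request: the service provider asks the identity provider to authenticate."""
    req_id = "_" + uuid.uuid4().hex
    return req_id, (f'<samlp:AuthnRequest {XMLNS} ID="{req_id}" Version="2.0" '
                    f'IssueInstant="{now.strftime(TS)}">'
                    f'<saml:Issuer>{SP_ID}</saml:Issuer></samlp:AuthnRequest>')

def sample_response(in_response_to, not_on_or_after, status=SUCCESS):
    """Constructed SAML response; a real one carries the identity provider's signature."""
    return (f'<samlp:Response {XMLNS} ID="_r1" Version="2.0" InResponseTo="{in_response_to}">'
            f'<saml:Issuer>{IDP_ID}</saml:Issuer>'
            f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
            f'<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{IDP_ID}</saml:Issuer>'
            f'<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
            f'<saml:Conditions NotOnOrAfter="{not_on_or_after}"><saml:AudienceRestriction>'
            f'<saml:Audience>{SP_ID}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions></saml:Assertion></samlp:Response>')

def evaluate_response(xml, request_id, now):
    """Service provider side: ("forward", user) or ("block", None).
    Assumes the XML signature was already verified; that step is not shown."""
    root = ET.fromstring(xml)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if (root.get("InResponseTo") != request_id            # not an answer to our request
            or root.findtext("saml:Issuer", namespaces=NS) != IDP_ID
            or status is None or status.get("Value") != SUCCESS):
        return "block", None
    for a in root.findall("saml:Assertion", NS):           # one or more assertions
        user = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
        aud = a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
        cond = a.find("saml:Conditions", NS)
        expiry = cond.get("NotOnOrAfter") if cond is not None else None
        if not user or aud != SP_ID or not expiry:
            continue
        if now < datetime.strptime(expiry, TS).replace(tzinfo=timezone.utc):
            return "forward", user
    return "block", None
```

Pass `now` as a timezone-aware UTC `datetime`; the service provider keeps the request ID it issued so it can match it against `InResponseTo` in the response.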