Single Sign-On Authentication with SAML 2.0

About SAML Single Sign-On Authentication

Security Assertion Markup Language (SAML) is an open standard for logging users into applications using a session they already hold in another context. An organization already knows who a user is once that user has logged in to its Active Directory (AD) domain or intranet; with SAML it can pass this identity information to other applications, such as web-based applications, to log the user in there as well. Individual applications do not need to store credentials, and users do not have to remember and manage a separate set of credentials for each application. SAML single sign-on (SSO) works by transferring the user’s identity from one place (the identity provider) to another (the service provider).

SAML Single Sign-On with Secure Firewall Threat Defense

The Secure Firewall Threat Defense device supports SAML 2.0 single sign-on (SSO) authentication for remote access VPN connections using the Secure Client. You need the following to configure SAML 2.0 SSO on Secure Firewall Threat Defense:

  • Identity Provider (IdP)—The Duo Access Gateway acts as the identity provider to perform user authentication and issues assertions.

  • Service Provider (SP)—The threat defense device acts as the service provider and obtains the authentication assertion from the identity provider.

  • VPN Client—The Secure Client performs SAML 2.0 authentication via the embedded browser.
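The service provider role described above, obtaining and checking an assertion issued by the identity provider, as an added example that is not Cisco or Duo code: it applies the checks an SP must make on an assertion after the IdP's XML signature has been verified (signature verification itself is not shown). The entity IDs, ACS URL, sample response and timestamps are constructed for the example.

```python
# SP-side checks on a received SAML 2.0 assertion (after XML signature verification, not shown).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed stand-ins for the Duo Access Gateway (IdP) and threat defense (SP) identifiers.
IDP_ENTITY_ID = "https://idp.example.test/dag/saml2/idp/metadata.php"
SP_ENTITY_ID = "https://vpn.example.test/saml/sp/metadata/SAML_TG"
SP_ACS_URL = "https://vpn.example.test/saml/sp/acs"

# Constructed sample response; the IdP's Signature element is omitted.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{SP_ACS_URL}">
  <saml:Assertion>
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # SAML timestamps are UTC

def validate_assertion(xml_text, issuer, audience, acs_url, now):
    """Return (True, NameID) when every check passes, otherwise (False, reason)."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        return False, "Destination is not this SP's assertion consumer URL"
    a = root.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != issuer:
        return False, "missing Assertion or Issuer is not the configured IdP"
    cond = a.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        return False, "assertion lacks a validity window or is outside it"
    if audience not in [x.text for x in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "assertion is not addressed to this SP (AudienceRestriction)"
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (True, name_id) if name_id else (False, "no Subject NameID")

def run_demo():
    """Valid, expired (now equals NotOnOrAfter) and wrong-audience cases."""
    ok_time = datetime(2024, 5, 1, 12, 2, tzinfo=timezone.utc)
    late = datetime(2024, 5, 1, 12, 5, tzinfo=timezone.utc)
    return [
        validate_assertion(SAMPLE_RESPONSE, IDP_ENTITY_ID, SP_ENTITY_ID, SP_ACS_URL, ok_time),
        validate_assertion(SAMPLE_RESPONSE, IDP_ENTITY_ID, SP_ENTITY_ID, SP_ACS_URL, late),
        validate_assertion(SAMPLE_RESPONSE, IDP_ENTITY_ID, "https://other.example.test/sp", SP_ACS_URL, ok_time),
    ]
```

An assertion that is expired or addressed to a different service provider is rejected even though it carries a valid Issuer and NameID, which is why the time window and AudienceRestriction checks belong beside signature verification.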