Configure SAML Authorization

Before you begin

Ensure that you have configured a single sign-on server like DUO and completed the required Identity Provider (IdP) and Service Provider (SP) settings.

For more information, see Single Sign-On Authentication with SAML 2.0.

Procedure


Step 1

Configure a single sign-on server object if one is not already configured.

  1. Choose Object > Object Management > AAA Server > Single Sign-on Server.

  2. Click Add Single Sign-on Server.

  3. Enter the single sign-on server details and click Save.

For more information, see Add a Single Sign-on Server.

Step 2

Configure SAML authentication in the remote access VPN connection profile.

  1. Choose Devices > Remote Access.

  2. Click Edit on the remote access VPN policy for which you want to configure SAML authorization, or create a new policy.

  3. Edit the required connection profile and select AAA.

  4. Select the single sign-on server object from the Authentication Server drop-down.

  5. Save the remote access VPN configuration.

Step 3

Match SAML criteria in a dynamic access policy (DAP).

  1. Select Devices > Dynamic Access Policy.

  2. Create a new DAP or edit an existing one.

  3. Create a DAP record or edit an existing record.

  4. Click AAA Criteria > SAML Criteria > Add SAML Criteria.

  5. Create a SAML criterion based on the SAML assertions returned by the SSO server.

Step 4

Deploy the remote access VPN configuration.
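
The SAML criteria in Step 3 can only match attribute names and values that the SSO server actually places in the assertion. The following Python script is an added example, not part of this guide or of the product: it lists the attributes in a SAMLResponse captured from a test login and reports which planned criteria the assertion does not carry. The attribute names, values, and function names are constructed for illustration, and the exact, case-sensitive comparison is an assumption of this check, not a statement of how DAP evaluates criteria.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; attribute names and values are illustrative only.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>vpn-engineering</saml:AttributeValue>
        <saml:AttributeValue>vpn-contractors</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="department">
        <saml:AttributeValue> Engineering </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def decode_post_binding(b64_response):
    """Decode the base64 SAMLResponse form field captured from your own test login."""
    return base64.b64decode(b64_response).decode("utf-8")

def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from every AttributeStatement.

    Inspection only: no signature validation. An encrypted assertion
    (EncryptedAssertion) exposes no attributes here and yields {}.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def unmatched_criteria(attrs, criteria):
    """Return planned (name, value) pairs absent from the assertion (exact match)."""
    return [(n, v) for n, v in criteria if v not in attrs.get(n, [])]

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()  # stands in for a captured field
    attrs = assertion_attributes(decode_post_binding(encoded))
    for name, values in attrs.items():
        print(name, "=", values)
    planned = [("groups", "vpn-contractors"), ("department", "engineering")]
    print("not in assertion:", unmatched_criteria(attrs, planned))
```

A criterion reported as missing usually means the IdP is not releasing that attribute, or releases it under a different name or letter case than the one planned for the DAP record.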