Configuring a SAML Single Sign-On Authentication
Before you begin
Ensure that you have done the following before you configure SAML single sign-on with threat defense remote access VPN:
-
Create an account with Duo.
-
Download and install the Duo Access Gateway.
-
Obtain the following from your SAML identity provider (Duo).
-
Identity Provider Entity ID URL
-
Sign-in URL
-
Sign-out URL
-
Identity provider certificate
-
-
Create a SAML single sign-on server object. For more information, see Add a Single Sign-on Server.
NoteYou can create a single sign-on server object in the Connection Profile settings when you create a new policy using the Remote Access VPN policy Wizard.
Procedure
Step 1 | Choose . |
Step 2 | Click Edit next to the remote access VPN policy for which you want to configure SAML authentication. If you want to create a new policy, click Add. |
Step 3 | Click Edit on the connection profile that you want to modify. |
Step 4 | Choose AAA settings and select SAML from the Authentication Method drop-down. |
Step 5 | Choose the required SAML single sign-on server as the Authentication Server. |
Step 6 | Configure the required settings for the remote access VPN. |
Step 7 | Save and deploy the remote access VPN policy on your threat defense device. |