Create an Application Group

Before you begin

Create a Zero Trust Application Policy

Procedure

Step 1

Click Add Application Group.

Step 2

In the Application Group section, type the name in the Name field and click Next.

Step 3

In the SAML Service Provider (SP) Metadata section, the data is dynamically generated. Copy the values of the Entity ID and Assertion Consumer Service (ACS) URL fields or click Download SP Metadata to download this data in XML format for adding it to the IdP. Click Next.

Step 4

In the SAML Identity Provider (IdP) Metadata section, add the metadata using any one of the methods:

  • XML File Upload—Choose a file or drag and drop the XML file.

    The details of the Entity ID, Single Sign-On URL, and IdP Certificate are displayed.

  • Manual Configuration—Perform these steps:

    • Entity ID—Enter the URL that is defined in the SAML IdP to identify a service provider uniquely.

    • Single Sign-On URL—Enter the URL for signing into the SAML identity provider server.

    • IdP Certificate—Choose the certificate of the IdP enrolled in threat defense to verify the messages signed by the IdP.

      Click the Add (add icon) icon to configure a new certificate enrollment object. For more information, see Add Certificate Enrollment.

  • Configure Later—In the event you do not have the IdP metadata, you can configure it later.

Click Next.

Step 5

In the Re-authentication Interval section, enter the value in the Timeout Interval field and click Next.

The re-authentication interval allows you to provide a value that determines when a user must authenticate again.

Step 6

In the Security Zones and Security Controls section, the security zones and threat settings are inherited from the parent policy. You can override these settings. Click Next.

Step 7

Review the configuration summary. Click Edit to modify the details in any of the sections. Click Finish.

Step 8

Click Save.

The Application Group is created and is displayed on the Zero Trust Application page.

What to do next

  1. Create an Application.

  2. Deploy configuration changes. See Deploy Configuration Changes in the Cisco Secure Firewall Management Center Administration Guide.