OneLogin SAML Authentication with WatchGuard Access Portal. Integration Guide


Deployment Overview

You can configure Single Sign-On to use SAML authentication and enable your users to log in through one portal and get access to multiple services. This document describes how to set up SAML authentication through the WatchGuard Access Portal with OneLogin as the Identity Provider.

Integration Summary

Hardware and Service Versions:

OneLogin Portal:
  - November 2017
WatchGuard FireboxV:
  - Fireware OS v12.1
  - Feature key with an Access Portal license

Test Topology

This integration uses OneLogin Portal to communicate with a WatchGuard Firebox over a public internet connection.

Configure Your Firebox for OneLogin

Because the WatchGuard Access Portal is a subscription service, before you can enable the Access Portal feature and configure it on your Firebox, you must add an Access Portal license to your Firebox feature key.

To configure the Access Portal settings on your Firebox for OneLogin, from Fireware Web UI:

1. Select Subscription Services > Access Portal. The Access Portal page appears with the Applications tab selected by default.
2. Select the Enable Access Portal check box.
3. Click Save.
4. Select the User Connection Settings tab. Click Configure. The SAML tab appears.
5. Select the Enable SAML check box.
6. In the Service Provider (SP) Settings section, type the IdP Name and Host Name. You add the IdP settings later in this process.

   IdP Name
     Specify a name for the SAML authentication to appear in other Firebox settings as the server name.
   Host Name
     Specify the fully qualified domain name that resolves to the Firebox external interface.

4. Select Save.
5. Go to https://<host name>/auth/saml.
6. Make sure you have this information from the /auth/saml page:
   - SAML Entity ID in this format: https://<host name>/auth/saml.
   - Assertion Consumer Service (ACS) URL in this format: https://<host name>/auth/saml/acs.
   - Single Logout Service (SLS) URL in this format: https://<host name>/auth/saml/sls.
   - Copy the certificate.

Configure Your OneLogin Portal

To import the information from the WatchGuard Web UI and to get the IdP Metadata URL:

1. Log in to your OneLogin account.
2. Select Apps > Add Apps.
3. In the search text box, type SAML Test Connector. A list of connector options appears.
4. Select SAML Test Connector (IDP) w/encrypt signed assertions.
5. On the Configuration page, in the Display Name text box, type a descriptive name for this configuration.
6. To enable your users to see the configuration in the portal, select Visible in portal. Select an icon option:
   - Rectangular Icon
   - Square Icon
7. Click Save.
8. To create a group for users, select Users > Groups > New Group.
9. In the Group Security Policy text box, type a descriptive name for the group.
10. From the Security Policy drop-down list, select Default policy.
11. Click Save.
12. To add a user in OneLogin, select Users > All Users > New User.
13. In the Groups section, from the Group drop-down list, select the group you created.
14. Click Save User.
15. Select Users > All Users and select the user you created.
16. Select the Authentication tab.
17. From the User Security Policy drop-down list, select Default policy.
18. Select the Applications tab.
19. Verify the SAML Test Connector appears in the Applications list.
20. Select the SAML Test Connector application. The Edit SAML Test Connector appears.
21. To enable users to sign in, select the Allow user to sign in check box.
22. Verify that the NameID is the email address of the user you created.
23. Click Save.
24. Click Save User.

SAML Configuration in OneLogin App

1. Select Apps > Company Apps.
2. Select the Configuration tab.
3. Specify these settings:

   RelayState
     Leave blank.
   Audience
     https://<your host name>/auth/saml
     The label in the Access Portal pages is SAML Entity ID.
   Recipient
     https://<your host name>/auth/saml/acs
     The label in the Access Portal pages is Assertion Consumer Service (ACS) URL.
   ACS (Consumer) URL Validator
     https://<your host name>/auth/saml/acs
     The label in the Access Portal pages is Assertion Consumer Service (ACS) URL.
   ACS (Consumer) URL
     https://<your host name>/auth/saml/acs
     The label in the Access Portal pages is Assertion Consumer Service (ACS) URL.
   Single Logout URL
     https://<your host name>/saml/sls

4. In the Public Key text box, paste the certificate you copied from the WatchGuard SAML 2.0 Configuration for WatchGuard Access Portal.
5. Select the Parameters tab.
6. In the Credentials are section, select Configured by admin or Configured by admins and shared by all users based on your company's credential policy.
7. Verify that the NameID setting is Email.
8. Select the SSO tab.
9. Save a copy of the Issuer URL. You will add this URL in the SAML configuration under the IdP Metadata URL.
10. From the SAML Signature Algorithm drop-down list, select SHA-256.
11. To enable assumed sign-in, select the Allow assumed users to sign into this app check box.
12. Click Save.

Complete the WatchGuard SAML Setup

From Fireware Web UI:

1. Select Subscription Services > Access Portal.
2. Select the User Connection Settings tab.
3. Select Configure > SAML.
4. In the IdP Metadata URL text box, paste the Issuer URL you copied from the OneLogin setup.
5. Click Save.

Test the Integration

Now you can test the integration with the group name you created. From Fireware Web UI:

1. Select Authentication > Users and Groups.
2. Click Add. The Add User or Group page appears.
3. Type the Name and Description of the group.
4. From the Authentication Server drop-down list, select the authentication server where the user or group exists.
5. Click OK. The Users and Groups page appears.
6. Click Save.
7. To add an RDP Host to the Access Portal, select Subscription Services > Access Portal.
8. Click Add. Select the Host Desktop Access (RDP). The RDP Host page appears.
9. From the Authentication Server drop-down list, select the name of the SAML configuration.
10. From the Type drop-down list, select Group.
11. In the Name text box, type the name of the group you created.

After you have completed these configuration steps, users in the group you added can sign in to either the OneLogin account or to a resource configured with OneLogin Single Sign-On.

1. Type the URL for the portal in this format: https://<host name>. The Log In page appears with the name of the SAML portal you configured at the top of the page.
2. To log in, click the name of the SAML portal. In this example, click MY_ONELOGIN.

The user can now get access to the resource.
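A consistency check for the values typed into the OneLogin Configuration, Parameters and SSO tabs against the URL formats the Firebox lists on its /auth/saml page, written as an added example (it is not WatchGuard or OneLogin code). The host portal.example.com, the function names and the settings dictionary are assumptions; the sample enters each path as this guide prints it, so the Single Logout URL, printed as /saml/sls while the Firebox lists /auth/saml/sls, is reported.

```python
from urllib.parse import urlsplit

def sp_endpoints(host):
    """SP values in the formats the Firebox lists on its /auth/saml page."""
    base = f"https://{host}/auth/saml"
    return {"entity_id": base, "acs": f"{base}/acs", "sls": f"{base}/sls"}

# OneLogin Configuration-tab field -> Firebox value it carries, per this guide.
FIELD_MAP = {
    "Audience": "entity_id",
    "Recipient": "acs",
    "ACS (Consumer) URL Validator": "acs",
    "ACS (Consumer) URL": "acs",
    "Single Logout URL": "sls",
}

def _norm(url):
    """Reduce a URL to (scheme, lower-cased host, port, path without trailing slash)."""
    u = urlsplit(url.strip())
    return (u.scheme.lower(), u.hostname or "", u.port, u.path.rstrip("/"))

def audit(host, onelogin):
    """Return (field, problem) pairs for settings that disagree with the Firebox."""
    sp, findings = sp_endpoints(host), []
    for field, key in FIELD_MAP.items():
        value = onelogin.get(field, "")
        if not value:
            findings.append((field, "missing"))
        elif urlsplit(value.strip()).scheme.lower() != "https":
            findings.append((field, "not an https URL"))
        elif _norm(value) != _norm(sp[key]):
            findings.append((field, f"expected {sp[key]}"))
    if onelogin.get("RelayState", ""):
        findings.append(("RelayState", "guide leaves this blank"))
    for field, want in (("NameID", "Email"), ("SAML Signature Algorithm", "SHA-256")):
        if onelogin.get(field) != want:
            findings.append((field, f"guide sets this to {want}"))
    return findings

# Constructed sample: hypothetical host, URL paths entered as this guide prints them.
HOST = "portal.example.com"
SAMPLE = {
    "RelayState": "", "NameID": "Email", "SAML Signature Algorithm": "SHA-256",
    "Audience": f"https://{HOST}/auth/saml",
    "Recipient": f"https://{HOST}/auth/saml/acs",
    "ACS (Consumer) URL Validator": f"https://{HOST}/auth/saml/acs",
    "ACS (Consumer) URL": f"https://{HOST}/auth/saml/acs",
    "Single Logout URL": f"https://{HOST}/saml/sls",
}
```

Call audit(HOST, SAMPLE) with your own host name and the values from your OneLogin app; an empty list means every field agrees with the Firebox formats.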

About This Guide

Guide Type
  Documented Integration. WatchGuard or a Technology Partner has provided documentation demonstrating integration.

Guide Details
  WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Guide revised: 1/16/2018

Copyright, Trademark, and Patent Information

Copyright 1998-2018 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners. Complete copyright, trademark, patent, and licensing information can be found in the Copyright and Licensing Guide, available online at http://www.watchguard.com/wgrd-help/documentation/overview.

About WatchGuard

WatchGuard Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company's mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.

Address
  505 Fifth Avenue South, Suite 500, Seattle, WA 98104

Support
  www.watchguard.com/support
  U.S. and Canada +877.232.3531
  All Other Countries +1.206.521.3575

Sales
  U.S. and Canada +1.800.734.9905
  All Other Countries +1.206.613.0895