Configuring SAML (Single Sign On)

Security Assertion Markup Language (SAML)

Cisco Secure Email Gateway and Cloud Gateway support SAML 2.0 SSO, allowing administrative users to log in to the appliance's web interface with the same credentials they use to access other SAML 2.0 SSO-enabled services in their organization.

Want to know more? See: What Is SAML?

For instance, if you enable Duo, Microsoft AD FS, or Azure as your SAML Identity Provider (IdP), you can configure your appliance as a Service Provider (SP) to support SAML 2.0 SSO. Users sign in once and have access to all SAML 2.0 SSO-enabled services.

  • SAML is an XML-based open-standard data format that enables administrators to access a defined set of Cisco collaboration applications seamlessly after signing in to one of those applications.
  • SAML describes the exchange of security-related information between trusted business partners.
  • It is an authentication protocol used by service providers (for example, the Cisco Email Security appliance) to authenticate a user.
  • SAML enables the exchange of security authentication information between an Identity Provider (IdP) and a Service Provider (SP).
  • To know more, see the SAML Specifications (care of SAML XML.org).

Benefits

  • Seamless login to multiple security appliances by entering the credentials only once.
  • It reduces password fatigue by removing the need to enter a different user name and password combination for each security appliance.
  • It improves productivity because you spend less time re-entering credentials for the same identity.
  • With this mechanism, the authentication work is offloaded to the Identity Provider (IdP) and the security appliance only takes care of authorization. Changes made by an administrator are also easier to attribute, because the audit logs indicate which AD user logged in, which was not the case when shared common credentials were used.
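The exchange described above ends with the IdP posting a signed SAML Response to the appliance, and it is the SP's validation of that response that decides who is logged in and what the audit log records. The following is an added example (not Cisco's code, and not how the appliance implements it) of the SP-side checks an assertion must pass: Success status, expected Issuer, NotBefore/NotOnOrAfter window with a small clock-skew allowance, AudienceRestriction matching the SP's own entity ID, and a non-empty Subject NameID that can be written to an audit log. The IdP and SP entity IDs, the user, and the whole Response document are constructed placeholders. XML-signature verification against the IdP certificate from metadata is assumed to have been done by the caller (for example, a SAML library) before this function is trusted with the document.

```python
"""Minimal SP-side validation of a SAML 2.0 Response (added example, constructed values)."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET  # production code: use defusedxml and verify XML-DSig first

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# What the SP (the appliance) is configured to expect; constructed placeholders.
EXPECTED_ISSUER = "https://idp.example.com/metadata"   # IdP entity ID from its metadata
EXPECTED_AUDIENCE = "https://esa.example.com/sp"       # this SP's own entity ID
CLOCK_SKEW = dt.timedelta(minutes=3)                   # tolerance for IdP/SP clock drift

# Constructed SAML Response as an IdP would return it (Signature element omitted;
# signature verification is assumed to happen before validate_response is called).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z" Destination="https://esa.example.com/sp/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://esa.example.com/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups"><saml:AttributeValue>email-admins</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# The HTTP-POST binding carries the document base64-encoded in a SAMLResponse form field.
SAMPLE_POST_VALUE = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()


def decode_post_binding(saml_response_field):
    """Decode the SAMLResponse form field back into the XML document."""
    return base64.b64decode(saml_response_field).decode()


def parse_saml_time(value):
    """SAML timestamps are UTC xsd:dateTime, e.g. 2024-05-01T12:00:00Z (optionally with fractions)."""
    if not value.endswith("Z"):
        raise ValueError("SAML timestamps must be in UTC")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return dt.datetime.strptime(value[:-1], fmt).replace(tzinfo=dt.timezone.utc)


def validate_response(xml_text, now, expected_issuer=EXPECTED_ISSUER,
                      expected_audience=EXPECTED_AUDIENCE):
    """Return {'subject', 'issuer', 'attributes'} if every check passes, else raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML Response")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        raise ValueError("IdP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion present (encrypted assertions are not handled here)")
    # Issuer must be the IdP this SP trusts, not merely any well-formed IdP.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        raise ValueError("unexpected Issuer %r" % issuer)
    # Conditions: validity window and audience restriction.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("Assertion has no Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before) - CLOCK_SKEW:
        raise ValueError("assertion not yet valid")
    if not_on_or_after and now >= parse_saml_time(not_on_or_after) + CLOCK_SKEW:
        raise ValueError("assertion expired")
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion was issued for a different audience: %r" % audiences)
    # Subject identifies the user; this is what the audit log should record.
    subject = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not subject:
        raise ValueError("Assertion has no Subject NameID")
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"subject": subject, "issuer": issuer, "attributes": attributes}


def audit_log_line(result, now):
    """One audit-log line naming the federated user, so changes can be attributed to a person."""
    return "%s SSO login ok user=%s idp=%s groups=%s" % (
        now.isoformat(), result["subject"], result["issuer"],
        ",".join(result["attributes"].get("groups", [])))


if __name__ == "__main__":
    login_time = dt.datetime(2024, 5, 1, 12, 1, 0, tzinfo=dt.timezone.utc)
    outcome = validate_response(decode_post_binding(SAMPLE_POST_VALUE), login_time)
    print(audit_log_line(outcome, login_time))
```

The order of the checks matters: status and issuer are tested before any user-identifying field is read, and the audience check is what stops an assertion the IdP legitimately issued for some other SP from being replayed against this appliance. Encrypted assertions and the InResponseTo check against an outstanding AuthnRequest are left out to keep the example short.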

Examples of SSO SAML IdPs

  • Duo Access Gateway (DAG) adds two-factor authentication to popular cloud services, using SAML 2.0 federation.
  • Active Directory Federation Services (ADFS) is a Single Sign-On (SSO) solution created by Microsoft.
  • Azure Active Directory (AzureAD) uses the SAML 2.0 protocol to enable applications to provide a single sign-on experience to their users.
  • Okta supports authentication with an external SAML Identity Provider (IdP).
  • PingOne from PingIdentity.