Sentry SSO with Palo Alto
From Swivel Knowledgebase
Setup AuthControl Sentry Keys
Before you can create a Single Sign On configuration on Google.com, you will need to set up some keys. Please see the separate article HowToCreateKeysOnCmi. The certificate you generate there is needed in a later section of this article; it can be retrieved from the View Keys menu option of Swivel AuthControl Sentry.
Setup SSO on Palo Alto
SAML IDENTITY PROVIDER SERVER PROFILE
- Profile Name: Swivel_sentry (example)
Identity Provider Configuration
- Identity Provider ID : https://demo.swivelcloud.com/sentry/saml20endpoint
- Identity Provider Certificate :
- Identity Provider SSO URL : https://demo.swivelcloud.com/sentry/saml20endpoint
- Identity Provider SLO URL : https://demo.swivelcloud.com/sentry/singlelogout
- SAML HTTP Binding for SSO Requests to IDP : Select Redirect
- SAML HTTP Binding for SLO Requests to IDP : Select Redirect
Check : "Validate Identity Provider Certificate"
- Maximum Clock Skew (seconds) : 60
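With the Redirect binding selected above, the firewall sends its AuthnRequest to the Identity Provider SSO URL as a deflated, base64-encoded SAMLRequest query parameter. The following added example (not part of the original article or of Swivel's or Palo Alto's code) decodes such a URL captured during troubleshooting and checks it against the SSO URL from this profile; the sample request, its ID and its Issuer are constructed placeholders.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

# Identity Provider SSO URL from the server profile on this page.
IDP_SSO_URL = "https://demo.swivelcloud.com/sentry/saml20endpoint"

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def encode_redirect(xml_text, sso_url):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate, no zlib header
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return sso_url + "?" + query

def decode_redirect(url):
    """Reverse the binding and return the parsed AuthnRequest element."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    deflated = base64.b64decode(params["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(deflated, -15))

def check_request(url, expected_destination=IDP_SSO_URL):
    """Return a list of mismatches between the request and the configured profile."""
    problems = []
    endpoint = url.split("?", 1)[0]
    if endpoint != expected_destination:
        problems.append("request sent to " + endpoint)
    root = decode_redirect(url)
    if root.get("Destination") != expected_destination:
        problems.append("Destination attribute is " + str(root.get("Destination")))
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        problems.append("missing Issuer")
    return problems

# Constructed sample AuthnRequest; the ID and Issuer are placeholders.
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" Version="2.0" '
          'IssueInstant="2024-01-01T00:00:00Z" Destination="' + IDP_SSO_URL + '">'
          '<saml:Issuer>https://firewall.example.invalid/SAML20/SP</saml:Issuer>'
          '</samlp:AuthnRequest>')

if __name__ == "__main__":
    url = encode_redirect(SAMPLE, IDP_SSO_URL)
    print(check_request(url) or "request matches the IdP server profile")
```

Run it only on requests you captured yourself, since it parses the decoded XML with the standard-library parser.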
AUTHENTICATION PROFILE
- Name : SAML
TAB : Authentication
- Type : SAML
- IdP Server Profile : Swivel_sentry
- Certificate for Signing Requests :
Check : "Enable Single Logout"
- Certificate Profile : Swivel
User Attributes in SAML Messages from IDP
- Username Attribute : username