Difference between revisions of "Sentry SSO with Palo Alto"

From Swivel Knowledgebase
Jump to: navigation, search
Line 11: Line 11:
 
'''SAML IDENTITY PROVIDER SERVER PROFILE'''
 
'''SAML IDENTITY PROVIDER SERVER PROFILE'''
  
Profile Name: Swivel_sentry (example)
+
* Profile Name: Swivel_sentry (example)
  
 
Identity Provider Configuration
 
Identity Provider Configuration
Line 25: Line 25:
  
 
* Maximum Clock Skew (seconds) : 60
 
* Maximum Clock Skew (seconds) : 60
 +
 +
 +
'''AUTHENTICATION PROFILE'''
 +
 +
* Name : SAML
 +
 +
TAB : Authentication
 +
 +
* Type : SAML
 +
* IdP Server Profile : Swivel_sentry
 +
* Certificate for Signing Requests :
 +
  Check : "Enamble Single Logout"
 +
* Certificate Profile : Swivel
 +
 +
User Attributes in SAML Messages from IDP
 +
* Username Attribute : username

Revision as of 22:25, 24 January 2018


Setup AuthControl Sentry Keys

Before you are able to create a Single Sign On configuration on Google.com, you will need to setup some Keys. Please see a separate article: HowToCreateKeysOnCmi. You will need the certificate you generate in a later section of this article. This can be retrieved from the View Keys menu option of Swivel AuthControl Sentry.

Setup SSO on Palo Alto

SAML IDENTITY PROVIDER SERVER PROFILE

  • Profile Name: Swivel_sentry (example)

Identity Provider Configuration

 Check : "Validate Identity Provider Certificate"
  • Maximum Clock Skew (seconds) : 60


AUTHENTICATION PROFILE

  • Name : SAML

TAB : Authentication

  • Type : SAML
  • IdP Server Profile : Swivel_sentry
  • Certificate for Signing Requests :
 Check : "Enamble Single Logout"
  • Certificate Profile : Swivel

User Attributes in SAML Messages from IDP

  • Username Attribute : username