Difference between revisions of "Sentry SSO with Palo Alto"
From Swivel Knowledgebase
| Line 19: | Line 19: | ||
* Identity Provider SSO URL : https://demo.swivelcloud.com/sentry/saml20endpoint | * Identity Provider SSO URL : https://demo.swivelcloud.com/sentry/saml20endpoint | ||
* Identity Provider SLO URL : https://demo.swivelcloud.com/sentry/singlelogout | * Identity Provider SLO URL : https://demo.swivelcloud.com/sentry/singlelogout | ||
| + | * SAML HTTP Binding for SSO Requests to IDP : Select Redirect | ||
| + | * SAML HTTP Binding for SLO Requests to IDP : Select Redirect | ||
| + | |||
| + | Check : "Validate Identity Provider Certificate" | ||
| + | |||
| + | * Maximum Clock Skew (seconds) : 60 | ||
Revision as of 22:10, 24 January 2018
Setup AuthControl Sentry Keys
Before you are able to create a Single Sign On configuration on Google.com, you will need to setup some Keys. Please see a separate article: HowToCreateKeysOnCmi. You will need the certificate you generate in a later section of this article. This can be retrieved from the View Keys menu option of Swivel AuthControl Sentry.
Setup SSO on Palo Alto
SAML IDENTITY PROVIDER SERVER PROFILE
Profile Name: Swivel_sentry (example)
Identity Provider Configuration
- Identity Provider ID : https://demo.swivelcloud.com/sentry/saml20endpoint
- Identity Provider Certificate :
- Identity Provider SSO URL : https://demo.swivelcloud.com/sentry/saml20endpoint
- Identity Provider SLO URL : https://demo.swivelcloud.com/sentry/singlelogout
- SAML HTTP Binding for SSO Requests to IDP : Select Redirect
- SAML HTTP Binding for SLO Requests to IDP : Select Redirect
Check : "Validate Identity Provider Certificate"
- Maximum Clock Skew (seconds) : 60
