Cisco Web Security Appliance S160 User Guide

AsyncOS 8.8 for Cisco Web Security Appliances User Guide

Chapter 7: SaaS Access Control

Overview of SaaS Access Control
The Web Security appliance uses the Security Assertion Markup Language (SAML) to authorize access to SaaS applications. It works with SaaS applications that are strictly compliant with SAML version 2.0.

Cisco SaaS Access Control allows you to:

- Control which users can access SaaS applications and from where.
- Quickly disable access to all SaaS applications when users are no longer employed by the organization.
- Reduce the risk of phishing attacks that ask users to enter their SaaS user credentials.
- Choose whether users are transparently signed in (single sign-on functionality) or prompted to enter their authentication user name and password.

SaaS Access Control only works with SaaS applications that require an authentication mechanism that is supported by the Web Security appliance. Currently, the Web Proxy uses the “PasswordProtectedTransport” authentication mechanism.
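
Added example (not from the Cisco guide): a pre-deployment check that reads a SAML AuthnRequest issued by a SaaS application and reports whether the authentication context it asks for can be met by an identity provider that offers only PasswordProtectedTransport. It assumes the application states its requirement in the standard RequestedAuthnContext element; the function names and the sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
KERBEROS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"

def check_authn_request(xml_text, supported=(PPT,)):
    """Return (status, reason); status is compatible, incompatible or review."""
    # The input here is constructed. Parse requests from untrusted sources
    # with a hardened XML parser instead of the standard library one.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return "incompatible", "not a SAML 2.0 AuthnRequest"
    if root.get("Version") != "2.0":
        return "incompatible", "Version attribute is not 2.0"
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return "compatible", "no authentication context requested"
    refs = rac.findall(f"{{{SAML}}}AuthnContextClassRef")
    classes = [r.text.strip() for r in refs if r.text]
    comparison = rac.get("Comparison", "exact")  # SAML 2.0 default is "exact"
    if comparison != "exact":
        # minimum/maximum/better depend on an ordering of classes that the
        # parties agree on, so it cannot be decided from the request alone.
        return "review", f"Comparison={comparison!r} needs manual review"
    if any(c in supported for c in classes):
        return "compatible", "a requested class is supported"
    return "incompatible", "requested only: " + ", ".join(classes)

def sample_request(class_ref, comparison=None, version="2.0"):
    """Build a constructed AuthnRequest (sample data, not captured traffic)."""
    comp = f' Comparison="{comparison}"' if comparison else ""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="_example" Version="{version}" IssueInstant="2024-01-01T00:00:00Z">'
        f"<samlp:RequestedAuthnContext{comp}>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        f"</samlp:RequestedAuthnContext></samlp:AuthnRequest>"
    )

if __name__ == "__main__":
    for label, req in [("password", sample_request(PPT)),
                       ("kerberos", sample_request(KERBEROS)),
                       ("minimum", sample_request(PPT, comparison="minimum"))]:
        print(label, check_authn_request(req))
```
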

To enable SaaS Access Control, you must configure settings on both the Web Security appliance and the SaaS application:

Step 1  Configure the Web Security appliance as an identity provider.
Step 2  Create an authentication policy for the SaaS application.
Step 3  Configure the SaaS application for single sign-on.
Step 4  (Optional) Configure multiple Web Security appliances.