Cisco Cisco Web Security Appliance S170 Guía Del Usuario
C H A P T E R
7-1
Cisco AsyncOS 8.0.6 for Web User Guide
7
SaaS Access Control
•
•
•
•
•
•
Overview of SaaS Access Control
The Web Security appliance uses the Security Assertion Markup Language (SAML) to authorize access
to SaaS applications. It works with SaaS applications that are strictly compliant with SAML version 2.0.
to SaaS applications. It works with SaaS applications that are strictly compliant with SAML version 2.0.
Cisco SaaS Access Control allows you to:
•
Control which users can access SaaS applications and from where.
•
Quickly disable access to all SaaS applications when users are no longer employed by the
organization.
organization.
•
Reduce the risk of phishing attacks that ask users to enter their SaaS user credentials.
•
Choose whether users are transparently signed in (single sign-on functionality) or prompted to enter
their authentication user name and password.
their authentication user name and password.
SaaS Access Control only works with SaaS applications that require an authentication mechanism
supported by the Web Security appliance. Currently, the Web Proxy uses the
“PasswordProtectedTransport” authentication mechanism.
supported by the Web Security appliance. Currently, the Web Proxy uses the
“PasswordProtectedTransport” authentication mechanism.
To enable SaaS Access Control, you must configure settings on both the Web Security appliance and the
SaaS application:
SaaS application:
Step 1
Configure the web security appliance as
an identity provider.
an identity provider.
Step 2
Create an authentication policy for the
SaaS application.
SaaS application.