Cisco Cisco Web Security Appliance S680 Guía Del Usuario
Chapter 14 Controlling Access to SaaS Applications
Understanding How SaaS Access Control Works
14-6
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
•
Identity provider initiated flows. Administrators should make the single
sign-on URL available to end users to access this SaaS application. For
example, administrators can create an internal web page that includes this
URL as a link. After users login, the appliance redirects users to the SaaS
application.
sign-on URL available to end users to access this SaaS application. For
example, administrators can create an internal web page that includes this
URL as a link. After users login, the appliance redirects users to the SaaS
application.
•
Service Provider initiated flows. Administrators should configure this URL
in the SaaS application. The SaaS application uses the single sign-on URL to
redirect the browser session depending on the “SaaS SSO Authentication
Prompt” setting in the policy group:
in the SaaS application. The SaaS application uses the single sign-on URL to
redirect the browser session depending on the “SaaS SSO Authentication
Prompt” setting in the policy group:
–
Always prompt SaaS users for proxy authentication. A Web Security
appliance page appears where users can enter their local authentication
credentials. After entering valid credentials, users are logged into the
SaaS application.
appliance page appears where users can enter their local authentication
credentials. After entering valid credentials, users are logged into the
SaaS application.
–
Transparently sign in SaaS users. Users are logged into the SaaS
application automatically.
application automatically.
The Web Security appliance uses the application name configured in the SaaS
Application Authentication Policy to generate the single sign-on URL. You can
view the single sign-on URL on the Web Security Manager > SaaS Policies page
after you submit the changes.
Application Authentication Policy to generate the single sign-on URL. You can
view the single sign-on URL on the Web Security Manager > SaaS Policies page
after you submit the changes.
The single sign-on URL format is:
http://IdentityProviderDomainName/SSOURL/ApplicationName
Therefore, when the appliance Identity Provider Domain Name is
idp.example.com and the application name in the SaaS Application
Authentication Policy is GoogleApps, the single sign-on URL is:
idp.example.com and the application name in the SaaS Application
Authentication Policy is GoogleApps, the single sign-on URL is:
http://idp.example.com/SSOURL/GoogleApps
Using SaaS Access Control with Multiple Appliances
When you use multiple Web Security appliances with SaaS Access Control, you
must perform the following steps:
must perform the following steps:
•
Configure the same Identity Provider Domain Name for each Web Security
appliance.
appliance.
•
Configure the same Identity Provider Entity ID for each Web Security
appliance.
appliance.