Cisco Cisco Web Security Appliance S170 사용자 가이드

7-2

AsyncOS 8.6 for Cisco Web Security Appliances User Guide

Chapter 7 SaaS Access Control

Authenticate SaaS Users

Step 1

Configure the “PasswordProtectedTransport” value when you create a SaaS Application Authentication
Policy using the Authentication Context setting

Step 2

Choose “Automatic” as the Authentication Context setting.

Related topics

•

Creating SaaS Application Authentication Policies, page 7-4

Certificates and Keys

When the browser prompts users to authenticate, the browser sends the authentication credentials to the
Web Proxy using a secure HTTPS connection. The appliance uses its own certificate and private key to
create an HTTPS connection with the client by default. Most browsers will warn users that the certificate
is not valid. To prevent users from seeing the invalid certificate message, you can upload a certificate
and key pair your organization uses.

Configuring the Appliance as an Identity Provider

When you configure the Web Security appliance as an identity provider, the settings you define apply to
all SaaS applications it communicates with. The Web Security appliance uses a certificate and key to
sign each SAML assertion it creates.

Before You Begin

•

(Optional) Locate a certificate (PEM format) and key for signing SAML assertions.

•

Upload the certificate to each SaaS application.

Step 1

Choose > Identity Provider for SaaS.

Step 2

Click Edit Settings.

Step 3

Check Enable SaaS Single Sign-on Service.

Step 4

Enter a virtual domain name in the Identity Provider Domain Name field.

Step 5

Enter a unique text identifier in the Identity Provider Entity ID field (a URI formatted string
is recommended).

Step 3

Configure the SaaS application for single
sign-on.

Configuring End-user Access to the Single
Sign-on URL, page 7-6

Step 4

(Optional) Configue multiple Web
Security appliances.

Using SaaS Access Control and Multiple
Appliances, page 7-4