Cisco Cisco Web Security Appliance S170 사용자 가이드
16-8
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 16 Controlling Access to SaaS Applications
Creating SaaS Application Authentication Policies
Note
After you upload the certificate and key, you can download the generated certificate to
transfer it to the SaaS applications with which the Web Security appliance will
communicate. Do this using the Download Certificate link in the generated key area.
transfer it to the SaaS applications with which the Web Security appliance will
communicate. Do this using the Download Certificate link in the generated key area.
e.
Go to step
Step 7
To generate a certificate and key:
a.
Click the Use Generated Certificate and Key option.
b.
Click Generate New Certificate and Key.
c.
In the Generate Certificate and Key dialog box, enter the information to display in the signing
certificate.
certificate.
Note
You can enter any ASCII character except the forward slash ( / ) in the Common Name field.
d.
Click Generate. The Web Security appliance generates the certificate with the data you entered and
generates a key.
generates a key.
The generated certificate information is displayed on the Edit Identity Provider Settings for SaaS
Single Sign on page.
Single Sign on page.
Note
After you generate the certificate and key, you can download the generated certificate to
transfer it to the SaaS applications with which the Web Security appliance will
communicate. Do this using the Download Certificate link in the generated key area.
transfer it to the SaaS applications with which the Web Security appliance will
communicate. Do this using the Download Certificate link in the generated key area.
e.
Optionally, you can download the Certificate Signing Request (CSR) using the Download
Certificate Signing Request link so you can submit it to a certificate authority (CA). After you
receive a signed certificate from the CA, click Browse and navigate to the signed certificate
location. Click Upload File. You can do this anytime after generating the certificate on the
appliance.
Certificate Signing Request link so you can submit it to a certificate authority (CA). After you
receive a signed certificate from the CA, click Browse and navigate to the signed certificate
location. Click Upload File. You can do this anytime after generating the certificate on the
appliance.
Step 8
Submit and commit your changes.
Creating SaaS Application Authentication Policies
After you configure the Web Security appliance as an identity provider and you configure a SaaS
application for single sign-on, you can create a SaaS Application Authentication Policy so the Web
Security appliance can communicate with the SaaS application and enable web browser single sign-on.
application for single sign-on, you can create a SaaS Application Authentication Policy so the Web
Security appliance can communicate with the SaaS application and enable web browser single sign-on.
Consider the following rules and guidelines when you configure the SaaS application information in a
SaaS Application Authentication Policy:
SaaS Application Authentication Policy:
•
The Assertion Consumer Service Location URL must be must be resolvable within the network.
•
The appliance constructs a single sign-on (SSO) login URL for each SaaS application based on the
value you enter the Identity Provider Domain Name field for the appliance and the SaaS application
name configured in the SaaS policy. For more information, see
value you enter the Identity Provider Domain Name field for the appliance and the SaaS application
name configured in the SaaS policy. For more information, see
.
To create a SaaS Application Authentication Policy: