SAML Identity Providers Configuration

As mentioned in the Getting Started with Safous article, you can integrate with a third-party identity service that uses SAML for authentication.

Prerequisites

Before you continue with this article, please ensure that you have:

Configuring SAML Identity Providers in Safous Admin Portal

  1. Log in to the Safous Admin portal.
  2. Navigate to Settings tab > ZTNA > Configurations > Identity Provider. This displays the list of identity providers that have been integrated. By default, it only contains the local IdP if you have not integrated any other IdP yet.

  3. Click the New IdP button; the IdP configuration form expands.
  4. Fill in the name and ensure that the status of the IdP is enabled (green).
  5. Ensure you are choosing SAML for the identity provider setting.
  6. You must configure the SAML settings according to the external Identity Provider you wish to integrate. Details for some known IdP integrations can be found here.
  7. You can configure settings for MFA by choosing the MFA mode and MFA methods. Available MFA mode options are Mandatory, No MFA, and External MFA. By default, it is set to Mandatory.

    1. In Mandatory MFA mode, the settings for MFA utilize Safous' built-in methods, which include scanning a QR code and providing a phone number. You can also enable MFA using Email if you have configured it as mentioned in this article.
    2. If you choose No MFA mode, the users who are using the IdP will not be asked to enter MFA when they login to the user portal.
    3. If you choose External MFA, Safous will delegate the users' MFA verification to the IdP. The available MFA methods defer to the MFA settings configured in that IdP.
  8. You can optionally enable automatic user provisioning from the IdP using SCIM, if the IdP has the capability to support SCIM provisioning. For more details regarding SCIM, please refer to this article.
  9. In the Enroll settings, you can request user information for Personal Desktop by enabling the option.
  10. You can choose the enrollment behavior for the Identity Provider that you wish to integrate.

    • Admin rollout --- every user needs to be added by the admin on the Users page.
    • Self service enrollment --- users who use this IdP can enroll themselves, but are not activated yet. Enable Activate users automatically when they complete enrollment so that users are activated automatically.
  11. Once you are done with the configuration, click "Save".
  12. If everything is configured correctly, you can log in to the user portal (https://login.<tenant>.ztna.safous.com) and choose to log in With IdP, where you will see your integrated SAML external IdP.