SAML Identity Providers Configuration

As mentioned in Getting Started with Safous article, you can integrate with 3rd party identity service that leverage SAML authentication approach. Before you could do that, please check these KB down below to ensure you have the Admin access and can accessed it:


  1. login to
  2. Go to Settings tab> ZTNA
  3. In Configurations, choose Identity Provider
  4. It will open the list of identity providers that have been integrated, by default it only has local
  5. Click on New IDP, which it will expand the form of IDP
  6. Input the name and ensure the status is enable (green)
  7. Ensure you are choosing the SAML for the identity provider setting
  8. You need to input SAML setting based on the external IDP that you want to integrate. For details about some know IDP integration can be found in here
  9. You could changed the default behavior for the MFA Mode setting
  10. If you choose MFA Mode to as "Mandatory", then you cloud select MFA Method whether use "Scan QR", "Provide Phone Number" or both
  11. On Setting Enroll you could request user the information for Personal Desktop by enable the option
  12. You can choose the enrollment behavior for the Identity Provider that you tried to integrate

    • Admin rollout --- Means that every user need to be added by admin in users
    • Self service enrollment --- Means user or external IDP can directly enrolled by themselves but not yet activated. Enable Activate users automatically when they complete enrollment so the user can automatically activated.
  13. Once you done with the configuration, click "Save"
  14. If everything correctly configured, you can login to the user portal https://users.<xxxx> and check "With IdP", which you will see your SAML configuration