About SAML Single Sign-On (SSO)

To connect to an Access Portal web application, users must specify a user name and password twice: once on the login page and once to connect to the web application.

To simplify the login process for Access Portal users, you can enable Security Assertion Markup Language (SAML) single sign-on (SSO). After you configure SAML SSO, Access Portal users only have to type their credentials once to connect to web applications.

SAML 2.0 is a standard that specifies how a Service Provider (SP) and an Identity Provider (IdP) exchange user identity information. When you configure your Firebox for SAML SSO, the Firebox operates as the SP. The IdP is a third-party service that you specify.

The IdP must meet the WatchGuard requirements for SAML 2.0 connections. For more information about SAML connection requirements, see SAML Requirements for Identity Providers.

Users can authenticate with SAML SSO two different ways:

SP initiated SSO — The user connects to the Access Portal to authenticate
IdP initiated SSO — The user connects to the IdP to authenticate

For detailed information about SAML, see RFC 7522.

SAML SSO applies only to web applications in the Access Portal. You cannot use SAML SSO for RDP or SSH connections in the Access Portal.

About SAML Single Sign-On (SSO)

See Also