About SAML Single Sign-On (SSO)
Applies To: Locally-managed Fireboxes
To simplify the login process for Firebox users, you can enable Security Assertion Markup Language (SAML) single sign-on (SSO). After you configure SAML SSO, users only have to type their credentials once to connect to applications. For more information, go to Configure SAML Single Sign-On.
You can configure SSO and SAML to authenticate with:
- Access Portal
- Authentication Portal (Fireware v12.11 or higher)
- Mobile VPN with SSL client (Fireware v12.11 or higher)
SAML 2.0 is a standard that specifies how a Service Provider (SP) and an Identity Provider (IdP) exchange user identity information. When you configure your Firebox for SAML SSO, the Firebox operates as the SP. The IdP is a third-party service that you specify.
The IdP must meet the WatchGuard requirements for SAML 2.0 connections. For more information about SAML connection requirements, go to SAML Requirements for Identity Providers.
Users can authenticate with SAML SSO in two different ways:
- SP initiated SSO — The user connects to the Firebox to authenticate
- IdP initiated SSO — The user connects to the IdP to authenticate
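The two flows can be told apart in the SAML Response itself: in SAML 2.0, a response to an SP-initiated login carries an InResponseTo attribute that echoes the ID of the SP's AuthnRequest, while an IdP-initiated (unsolicited) response has none. The sketch below is an added example of that check for a generic SP using the HTTP-POST binding. It is not WatchGuard code and does not describe how the Firebox handles responses; the function names, request IDs, and idp.example.test issuer are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def make_sample_response(in_response_to=None):
    """Build a constructed, unsigned, trimmed Response (not captured from any IdP)."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{attr}>'
           f'<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
           f'</samlp:Response>')
    # The HTTP-POST binding carries the response base64-encoded in a form field.
    return base64.b64encode(xml.encode()).decode()

def classify_response(b64_response, pending_request_ids, allow_idp_initiated=False):
    """Return 'sp-initiated' or 'idp-initiated'; raise ValueError if the response is rejected.

    pending_request_ids is the set of AuthnRequest IDs this SP has issued and
    not yet seen answered. Signature and condition checks are out of scope
    here; a real SP verifies the signature before trusting any field, and
    parses untrusted XML with a hardened parser.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # Unsolicited response: the user started at the IdP.
        if not allow_idp_initiated:
            raise ValueError("unsolicited response rejected")
        return "idp-initiated"
    if in_response_to not in pending_request_ids:
        # Unknown or already-consumed request ID: possible replay or injection.
        raise ValueError("InResponseTo does not match an outstanding AuthnRequest")
    pending_request_ids.discard(in_response_to)  # each request ID is single-use
    return "sp-initiated"

if __name__ == "__main__":
    pending = {"_req123"}
    print(classify_response(make_sample_response("_req123"), pending))
    print(classify_response(make_sample_response(), pending, allow_idp_initiated=True))
```

Because an unsolicited response cannot be tied to a request the SP issued, an SP that accepts IdP-initiated SSO relies entirely on signature, audience, and validity-window checks for that flow.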
For detailed information about SAML, go to RFC 7522.
For the Access Portal, SAML SSO applies only to web applications. You cannot use SAML SSO for RDP or SSH connections in the Access Portal.