Creating a new SAML profile

Create a new SAML profile through the SAML Identity Providers page.

Steps

  1. Sign in to Forcepoint ONE Platform.
  2. From the application waffle, select Admin.
  3. From the left Navigation Pane, click the SAML icon.

    A page opens displaying the existing SAML Profiles.



  4. To add a new SAML Profile, click +Add SAML Profile.

    The Add SAML Profile pane opens on the right.



  5. Under the General Details section:
    1. Enter a unique IDP Code and Description.
      Note: The IDP Code is required. The profile cannot be saved without a code.
    2. To save the SAML Profile, click Save.

      The SAML profile is created.



      The Add SAML Profile pane also displays the read-only ACS URL and Logout Response URL fields under the General Details section, along with an additional section, IDP Metadata.

      • ACS URL - The URL location where the SAML assertion is sent with an HTTP POST.
      • Logout Response URL - The URL location on the service provider where the identity provider sends its sign out response.
  6. In the IdP Metadata section, select one of the following options from the IdP Metadata drop-down to define how Forcepoint ONE Platform gets the SAML identity provider metadata.
    • Manual (default) - Select the Manual option to manually enter all the required metadata information.
    • IDP Metadata URL - Select the IDP Metadata URL option to pull IdP metadata information from a URL.
    • IDP Metadata File - Select the IDP Metadata File option to pull IdP metadata information from an XML file.
  7. If you have selected Manual from the IdP Metadata drop-down, then the following fields are displayed:
    • IdP Certificate: The SAML identity provider certificate.
    • End-point URL: The SAML identity provider endpoint URL to which the SAML authentication request is sent.
    • Issuer URL: A unique identity provider identifier where the security assertion originated.
    • Single Log-out URL: The SAML URL for logging out of the identity provider.
  8. If you have selected IDP Metadata URL from the IdP Metadata drop-down, then the following fields are displayed:
    • Metadata URL: The SAML metadata URL from the identity provider. After you provide the URL, click Get Metadata to auto-populate the other fields.
    • IdP Certificate: The SAML identity provider certificate.
    • End-point URL: The SAML identity provider endpoint URL to which the SAML authentication request is sent.
    • Issuer URL: A unique identity provider identifier where the security assertion originated.
    • Single Log-out URL: The SAML URL for logging out of the identity provider.
  9. If you have selected IDP Metadata File from the IdP Metadata drop-down, then the following fields are displayed:
    • IdP Metadata File: The SAML metadata file from the identity provider. After you provide the metadata file, the other fields auto-populate.
    • IdP Certificate: The SAML identity provider certificate.
    • End-point URL: The SAML identity provider endpoint URL to which the SAML authentication request is sent.
    • Issuer URL: A unique identity provider identifier where the security assertion originated.
    • Single Log-out URL: The SAML URL for logging out of the identity provider.
  10. To save the changes made, click Save.
  11. To download and use the SPMetadata.xml file to configure the identity provider, follow the steps below:
    1. Click the SAML Profile to view the SAML profile details.
    2. Place your mouse pointer on the icon and then click Download.


      A metadata file is downloaded. Use the same metadata file when configuring the identity provider.