Sending SAML attributes from Forcepoint ONE SSE to the cloud application

You can configure Forcepoint ONE SSE on a per-application basis to send additional attributes with the SAML assertion sent to the protected cloud application.

This is useful for applications that require other attributes to be sent for authentication. You can pass any of the attributes mentioned in Sending SAML attributes from IdP to Forcepoint ONE SSE, as well as two additional attributes for customization as needed (a SAML attribute that is being passed by the third-party IdP, or a static value that must be passed for all users).

  1. When adding any application or configuring the application settings during setup, select App SSO: Setup from the application's settings page.

  2. At the bottom of the page, you will see a table titled Attribute Statements. Here, you can select any attribute you wish to pass from Forcepoint ONE SSE to the protected application.

    1. Click the green plus icon to add a new row to the table.
    2. Enter the actual name of the attribute being passed.
    3. Select the format the attribute is in.
    4. Select the value for the attribute being passed.

Additional Attributes

There are two additional attributes not included in the above table.

  • saml.attribute: This is an attribute that is being sent by a third-party IdP and needs to be passed along to the cloud application. When selecting this option, you will also need to manually enter the value of the attribute in XML format.

  • manual.static_value: This is an attribute that is statically set and sent for all users connecting to the application (that is, the value does not change). When selecting this attribute, you will need to manually enter the value of the attribute in XML format.
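
After saving the Attribute Statements table, it is worth confirming on the application side that each row arrives with the name, format and value you configured, and that nothing extra is released. The script below is an added example, not Forcepoint code: the sample assertion, the attribute names and values, and the EXPECTED table are constructed for illustration, and only the standard SAML 2.0 namespace and NameFormat URIs are real.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample (not captured from a real tenant): attribute part of an assertion.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:AttributeStatement>
  <saml:Attribute Name="tenant" NameFormat="{BASIC}">
   <saml:AttributeValue>acme-prod</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="role" NameFormat="{BASIC}">
   <saml:AttributeValue>admin</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical mirror of the table: name -> (format, values); None = per-user value.
EXPECTED = {
    "tenant": (BASIC, ["acme-prod"]),   # static value, must match exactly
    "role": (URI, None),                # sample sends the wrong format
    "costCenter": (BASIC, None),        # sample omits this one
}

def read_attributes(xml_text):
    """Return {Name: (NameFormat, [values])} from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name")] = (attr.get("NameFormat"), values)
    return found

def check_attributes(xml_text, expected):
    """List differences between the received attributes and the expected rows."""
    found, problems = read_attributes(xml_text), []
    for name, (fmt, values) in expected.items():
        if name not in found:
            problems.append(f"missing: {name}")
            continue
        got_fmt, got_values = found[name]
        if got_fmt != fmt:
            problems.append(f"format mismatch: {name}")
        if values is not None and got_values != values:
            problems.append(f"value mismatch: {name}")
    # Attributes nobody configured are flagged: they may disclose more than intended.
    problems += [f"unexpected: {n}" for n in sorted(found.keys() - expected.keys())]
    return problems
```

With the constructed sample, check_attributes(SAMPLE, EXPECTED) returns ['format mismatch: role', 'missing: costCenter']. It inspects attributes only; signature and condition validation of the assertion stay with the application's SAML library.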