Configuring SSO for custom application
If you choose to enable SAML SSO cutoff, you will need to register Forcepoint ONE SSE with your custom application to recognize Forcepoint ONE SSE as the SSO authority.
Steps
-
On the apps setting page, click the domain under App Instance.
-
Select the check box Enable for SAML SSO cutoff for web access.
-
After you save, select Setup Web SSO to go to the SSO instructions page containing the URL's you will need for registering Forcepoint ONE SSE inside of your Custom Applications.
-
Select Setup next to App SSO.
-
On the SSO config page, you will need to fill out the SSO URL, SP Entity ID, while also choosing the option for the
Application Username, and NameID Format (as well as if the signatures are signed).
This information is often found on in your applications SSO information setup page.
You should not be filling out the Recipient or Destination URL by default unless the app you are adding requires it.
Note:When entering the necessary URL information from your application into Forcepoint ONE SSE, make sure you are using the correct URL information for each of the fields. Below are some tips to help you find the proper URL information.
- The Single Sign-On URL is typically the same URL which is the Assertion Consumer Service or ACS URL in the SAML Request or Apps SSO setup documentation.
- The SP (Application) Entity ID URL is typically called the Entity ID or the Issuer ID in the SAML Request or Apps SSO setup documentation.
- Ensure the Recipient and Destination URL are left blank unless specifically required by the application you are adding.
-
Once the SSO authentication has been validated, you can then perform SSO access control as well as inline DLP actions for upload and download.
