Configuring SSO for custom application

If you choose to enable SAML SSO cutoff, you will need to register Forcepoint ONE SSE with your custom application so that the application recognizes Forcepoint ONE SSE as the SSO authority.

Steps

  1. On the apps setting page, click the domain under App Instance.


  2. Select the check box Enable for SAML SSO cutoff for web access.


  3. After you save, select Setup Web SSO to go to the SSO instructions page, which contains the URLs you will need for registering Forcepoint ONE SSE inside your custom application.




  4. After configuring the SSO setup inside your application, you will need to set up the Forcepoint ONE SSE SSO information.
  5. Select Setup next to App SSO.


  6. On the SSO config page, fill out the SSO URL and SP Entity ID, and choose the options for the Application Username and NameID Format (as well as whether the signatures are signed).

    This information is often found on your application's SSO information setup page.

    By default, leave the Recipient and Destination URL blank unless the app you are adding requires them.



    Note:

    When entering the necessary URL information from your application into Forcepoint ONE SSE, make sure you are using the correct URL information for each of the fields. Below are some tips to help you find the proper URL information.

    • The Single Sign-On URL is typically the same URL as the Assertion Consumer Service (ACS) URL in the SAML Request or the app's SSO setup documentation.
    • The SP (Application) Entity ID URL is typically called the Entity ID or the Issuer ID in the SAML Request or the app's SSO setup documentation.
    • Ensure the Recipient and Destination URL are left blank unless specifically required by the application you are adding.
  7. After setup is complete, you will need to set up a Forcepoint ONE SSE policy that lets an admin or user access the application via Direct App Access, and have them access the application once.
    This will validate the SSO authentication with the application and Forcepoint ONE SSE.
  8. Once the SSO authentication has been validated, you can then perform SSO access control as well as inline DLP actions for upload and download.
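
The note in step 6 maps the Single Sign-On URL and SP Entity ID to the ACS URL and Issuer in the application's SAML Request. The Python below is an added example, not Forcepoint code: it decodes a captured SAMLRequest parameter (HTTP-Redirect or HTTP-POST binding) and returns those values. The example.com URLs, the sample request and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 1 << 20  # refuse to inflate more than 1 MiB

# Constructed sample AuthnRequest; the example.com URLs are placeholders.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" '
    'AssertionConsumerServiceURL="https://app.example.com/saml/acs">'
    '<saml:Issuer>https://app.example.com/saml/metadata</saml:Issuer>'
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>'
    '</samlp:AuthnRequest>').encode()

def encode_redirect(xml_bytes):
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(co.compress(xml_bytes) + co.flush()).decode()

def decode_saml_request(value):
    """Return the AuthnRequest XML from a captured SAMLRequest parameter value."""
    raw = base64.b64decode(unquote(value))
    if raw[:1] != b"<":  # not XML yet, so treat as Redirect binding (raw DEFLATE)
        d = zlib.decompressobj(-15)
        raw = d.decompress(raw, MAX_XML)
        if d.unconsumed_tail:
            raise ValueError("SAMLRequest inflates beyond the size limit")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD not allowed in a SAML message")
    return raw

def sso_fields(xml_bytes):
    """Map AuthnRequest values to the field names used in step 6."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find("saml:Issuer", NS)
    policy = root.find("samlp:NameIDPolicy", NS)
    return {
        "SSO URL": root.get("AssertionConsumerServiceURL"),
        "SP Entity ID": (issuer.text or "").strip() if issuer is not None else None,
        "NameID Format": policy.get("Format") if policy is not None else None,
    }
```

Call `sso_fields(decode_saml_request(value))` with the SAMLRequest value copied from the browser's network trace. A `None` result means the application did not state that value in the request, so take it from the application's SSO setup documentation instead.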