Any SAML IdP: Configuring Forcepoint Data Security Cloud | SSE as a SAML SP
Use the configuration information below to register Forcepoint Data Security Cloud | SSE as a SAML SP on another external SAML IdP.
Note: The Forcepoint Data Security Cloud | SSE UI supports UTF-8 characters. However, the SAML assertion only supports low-ASCII characters as attribute values. If an attribute value contains characters that are not low-ASCII, SAML sign-in failures occur.
The following metadata URL and ACS endpoint are used to register Forcepoint Data Security Cloud | SSE as a service provider.
- SAML Metadata URL: https://portal.bitglass.com/sso/metadata/
- SAML ACS Endpoint: https://portal.bitglass.com/sso/acs/
If your IdP cannot import the metadata, refer to the table below to configure the SAML settings manually:
SAML Response Setting | Value | Notes
---|---|---
SSO URL | https://portal.bitglass.com/sso/acs/ | Also used for the Recipient URL and the Destination URL.
Name ID Format | EmailAddress | |
Entity ID | https://sso.bitglass.com | This is the default Entity ID for the first IdP added to Forcepoint Data Security Cloud \| SSE. If you add any subsequent IdPs to Forcepoint Data Security Cloud \| SSE, the Entity ID will be https://saml.bitglass.com/<character string>, where <character string> is a randomly generated set of characters that Forcepoint Data Security Cloud \| SSE uses to identify the IdP. Make sure you copy the Entity ID from the Forcepoint Data Security Cloud \| SSE IdP setup page so that you use the right URL when configuring your external IdP.
Assertion | Signed, Not Encrypted | |
Response | Not Signed, Not Encrypted | |
relay_state | IdP-initiated auth: bg_portal_login; SP-initiated auth: bg_saml_login | For SP-initiated auth, Forcepoint Data Security Cloud \| SSE sets the relay_state parameter in the SAML request to bg_saml_login. The IdP must not alter the relay_state parameter. Refer to the Advanced IdP Settings to learn more about configuring the Default Relay State.
Signature Algorithm | RSA_SHA256 | |
Digest Algorithm | SHA256 | |
SAML Single Logout | Disabled | |
Authentication Context Class | PasswordProtectedTransport | |
Honor Force Authentication | No | |
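The following pre-flight check is an added example written for this page, not Forcepoint's code: given a SAML Response captured from your IdP (for example from the browser's network tools), it reports every way the response deviates from the table above, including the low-ASCII attribute-value rule from the note at the top. It checks structure and the declared algorithm URIs only; verifying the signature itself requires an XML-signature library and the IdP's certificate.

```python
"""Check an IdP's SAML Response against the SP settings in the table above.
Structural/declared-algorithm checks only; the signature is NOT cryptographically verified."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ACS_URL = "https://portal.bitglass.com/sso/acs/"   # SSO / Recipient / Destination URL
EXPECTED = {  # standard URIs for the values named in the table
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "sig_alg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "digest_alg": "http://www.w3.org/2001/04/xmlenc#sha256",
    "authn_ctx": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
}

def check_response(xml_text: str) -> list:
    """Return a list of findings; an empty list means the response matches the table."""
    findings = []
    resp = ET.fromstring(xml_text)
    if resp.get("Destination") != ACS_URL:
        findings.append(f"Destination should be the ACS URL, got {resp.get('Destination')!r}")
    if resp.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("Assertion is encrypted; the SP expects a signed, unencrypted assertion")
    a = resp.find("saml:Assertion", NS)
    if a is None:
        return findings + ["no plaintext Assertion found"]
    sig = a.find("ds:Signature", NS)
    if sig is None:
        findings.append("Assertion is not signed")
    else:
        sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        dm = sig.find("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        if sm is None or sm.get("Algorithm") != EXPECTED["sig_alg"]:
            findings.append("SignatureMethod is not RSA_SHA256")
        if dm is None or dm.get("Algorithm") != EXPECTED["digest_alg"]:
            findings.append("DigestMethod is not SHA256")
    nid = a.find("saml:Subject/saml:NameID", NS)
    if nid is None or nid.get("Format") != EXPECTED["nameid_format"]:
        findings.append("NameID Format is not EmailAddress")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        findings.append("SubjectConfirmationData Recipient should be the ACS URL")
    ctx = a.find("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    if ctx is None or ctx.text != EXPECTED["authn_ctx"]:
        findings.append("AuthnContextClassRef is not PasswordProtectedTransport")
    # The SP only accepts low-ASCII attribute values; anything else causes a sign-in failure.
    for av in a.iterfind("saml:AttributeStatement/saml:Attribute/saml:AttributeValue", NS):
        if av.text and not av.text.isascii():
            findings.append(f"non-ASCII attribute value: {av.text!r}")
    return findings
```

Call check_response() with the decoded (base64-decoded, not deflated) SAMLResponse XML; the Response element itself may stay unsigned, as the table requires only the assertion to be signed.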