Create new SAML profiles through the SAML Identity Providers page.
Steps
-
Sign in to Forcepoint ONE Platform.
-
Select Admin from application waffle.
-
Click the SAML
icon on the left navigation. Following screen is displayed:
-
Next, click the +Add SAML Profile button.
-
Enter the IDP Code and Description.
Note: The IDP Code is required. The profile cannot be saved without a code.
-
Click Save. The profile is saved and the Edit SAML Profile page is displayed.
Note: After the initial profile is saved, two additional read-only fields are shown in the General Details section: ACS URL (the URL
location where the SAML assertion is sent with an HTTP POST) and Logout Response URL (the URL location on the service provider where the identity
provider sends its sign out response).
-
In the IdP Metadata section, select the IdP Metadata option from the drop-down menu. This selection defines how Forcepoint RBI gets the SAML identity provider metadata.
-
After you select the IdP Metadata option, complete the other fields in this section. Some fields are only available with specific IdP
Metadata options:
- IdP Metadata File: The SAML metadata file from the identity provider. This field is available if you selected IdP Metadata
File from the IdP Metadata drop-down menu. After you provide the metadata file, the other fields auto-populate.
- IdP Metadata URL: The SAML metadata URL from the identity provider. This field is available if you selected IdP Metadata
URL from the IdP Metadata drop-down menu. After you provide the URL, click Get Metadata to auto-populate
the other fields.
- IdP Certificate: The SAML identity provider certificate.
- End-point URL: The SAML identity provider endpoint URL to which the SAML authentication request is sent.
- Issuer URL: A unique identity provider identifier where the security assertion originated.
- Single Log-out URL: The SAML URL for logging out of the identity provider.:
-
Click Save.
-
A pop-up window displays asking if you want to download the SP metadata. Click Yes to download the SPMetadata.xml file. If you click
No, you can download the metadata file later from the SAML Profiles page.
-
Use the SPMetadata.xml file to configure the identity provider.
Note: After the initial profile is saved, two additional read-only fields are shown in the General Details section: ACS URL (the URL location where the SAML assertion is sent with an HTTP POST) and Logout Response URL (the URL location on the service provider where the identity provider sends its sign out response).