Define a private application for SAML authentication

If you plan to enable SAML authentication in your policy rules, you must configure a SAML authentication private application that links the Forcepoint single sign-on Assertion Consumer Service (ACS) URL with the hosting site you are using for SAML authentication. This private application ensures that the SAML assertion from your identity provider is redirected to the Private Access service.

This task is required if you plan to enable SAML authentication for your private application policy rules.

Steps

  1. Go to Administration > Private applications.
  2. Click New.
  3. Give the application a Name (for example, "SAML authentication") and an optional description.
  4. In the Site field, select the private application hosting site for which you plan to enable SAML authentication.
    Note: SAML authentication is supported for a single private application hosting site.
  5. In the External FQDN field, enter the domain of the Forcepoint Assertion Consumer Service (ACS) URL.
    This URL is shown on the Administration > Authentication > Identity provider page. Click the name of your configured identity provider to view and copy the Service Provider Assertion Consumer Service URL. Enter the domain only. For example:
    saml.services.amer.forcepoint.io
  6. Set the Protocol to HTTPS.
  7. Leave the Port field blank.
  8. In the Internal address field, enter the following IP address:
    116.50.59.233
  9. Click Save, then Deploy Changes.

Next steps

If you are using Cloud Security Gateway, you must also configure a proxy bypass setting for the SAML application. Do this in the Cloud Security Gateway portal, on the Proxy Bypass tab of the Web > Bypass Settings page.