Bypass settings for Private Access SAML
You must add a bypass destination for each Private Access gateway. Each gateway is assigned a unique ACS, and each ACS must have a corresponding bypass destination configured.
Steps
- Select the configured Identity Provider and see the Service Provider Assertion URL field in the SAML Identity Provider with Metadata XML pane.
Note: A complete list of the available ACS URLs for your tenant can be found under Administration > Authentication > Identity Provider. A tenant is provisioned with up to 10 ACS URLs, allowing the tenant up to 10 Private Access gateways (5 for High Availability). More gateways can be added if required. Each URL will be identical except for a sequence number.
- Add each ACS as a proxy bypass.
- Sign in to the Cloud Security Gateway portal.
- Navigate to Web > Bypass Settings.
- Select the Proxy Bypass tab.
- In the Proxy Bypass list, click Add.
- Enter a name and a description (optional), for example, the name of the internal application, such as "Private Access SAML".
- In the Type drop-down menu, select Domain.
- In the Domain field, add the external FQDN for the ACS as defined in the Private Access management portal.
The ACS FQDN is found in the Private Access management portal, under Administration > Authentication > Identity Provider. Click the name of the configured Identity Provider to view its details, including the Service Provider Assertion URL list.
Example: The FQDN for ACS URL:
https://proxy-0.acme.bba.services.amer.forcepoint.io/acs
will be:
proxy-0.acme.bba.services.amer.forcepoint.io
- Check Send traffic to another proxy.
A dialog displays.
- In the dialog box, enter the service edge address for the ACS.
The service edge address is identical to the ACS FQDN, except that bba is replaced by pa, and port 8080 is added.
The corresponding service edge for:
proxy-0.acme.bba.services.amer.forcepoint.io
will be:
proxy-0.acme.pa.services.amer.forcepoint.io:8080
- Click Submit.
Repeat this for each ACS URL.
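With up to 10 ACS URLs per tenant, the Domain and service edge values for every bypass entry can be derived in one pass before they are typed into the portal. The following is an added example, not Forcepoint code: the function names are hypothetical, the second sample URL is constructed, and the script assumes every ACS URL uses https, ends in /acs, and contains bba as exactly one whole DNS label.

```python
from urllib.parse import urlsplit

SERVICE_EDGE_PORT = 8080  # port stated on this page


def bypass_entry(acs_url):
    """Return (bypass_domain, service_edge) for one ACS URL."""
    parts = urlsplit(acs_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https ACS URL: {acs_url!r}")
    if parts.path.rstrip("/") != "/acs":
        raise ValueError(f"path is not /acs: {acs_url!r}")
    labels = parts.hostname.lower().split(".")
    # Swap the whole DNS label, not a substring, so a tenant name that
    # happens to contain "bba" is left untouched.
    if labels.count("bba") != 1:
        raise ValueError(f"expected exactly one 'bba' label: {acs_url!r}")
    edge = ".".join("pa" if label == "bba" else label for label in labels)
    return ".".join(labels), f"{edge}:{SERVICE_EDGE_PORT}"


def bypass_table(acs_urls):
    """Map each distinct bypass domain to its service edge address."""
    table = {}
    for url in acs_urls:
        domain, edge = bypass_entry(url)
        table[domain] = edge
    return table


# Constructed sample input, modelled on the example URL on this page.
SAMPLE_ACS_URLS = [
    "https://proxy-0.acme.bba.services.amer.forcepoint.io/acs",
    "https://proxy-1.acme.bba.services.amer.forcepoint.io/acs",
]

if __name__ == "__main__":
    for domain, edge in bypass_table(SAMPLE_ACS_URLS).items():
        print(f"Domain: {domain}  ->  Send traffic to: {edge}")
```

A URL that fails any of the checks raises ValueError instead of producing a bypass entry that would route SAML traffic to the wrong host.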