SAML-based authentication for private applications

You can enable SAML-based authentication within your private application policy rules to provide single sign-on access to your internal applications. If a request matches a private application policy rule that requires SAML authentication, the service triggers a SAML authentication request to your configured identity provider. The flow is:

1. The end user requests a private application resource.
2. If the request matches a policy that requires SAML authentication, the service responds with a redirect that sends the user's browser to the identity provider, carrying a SAML authentication request.
3. The identity provider checks the user's authentication status and may require the user to sign in.
4. If the user is successfully authenticated, the identity provider generates a SAML assertion and sends it back to the end user's browser, which forwards it to the Private Access service.
5. The user details are checked against the Private Access user directory. If the user is permitted to access the resource, the request is redirected back to the user's browser.
6. The request is forwarded to the appropriate private application hosting site over the site's IPsec tunnels, and the user accesses the internal resource.
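The following is an added example, not code from the Private Access product or its vendor, that walks through the service-provider side of the flow above with the Python standard library: building the SAML AuthnRequest for step 2 and encoding it the way the HTTP-Redirect binding does, then performing the checks the service must make on the identity provider's response in steps 4 and 5 before the NameID is looked up in the user directory. The entity IDs, endpoint URLs and the sample response are constructed for illustration. One deliberate omission: the response is unsigned and the code does not verify an XML signature; a real service provider must verify the signature against the identity provider's certificate first, since without that none of the other checks can be trusted.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Entity IDs and endpoints are constructed for this example, not a real deployment.
SP_ENTITY_ID = "https://private-access.example/sp"
SP_ACS_URL = "https://private-access.example/saml/acs"
IDP_SSO_URL = "https://idp.example/sso"
SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
ET.register_namespace("saml", NS["saml"])
ET.register_namespace("samlp", NS["samlp"])


def build_authn_request(request_id, issue_instant):
    """Step 2: the service, acting as SAML service provider, builds the AuthnRequest."""
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": request_id,                      # must be an XML NCName, hence the leading "_"
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(req, encoding="unicode")


def redirect_url(authn_request_xml):
    """HTTP-Redirect binding: raw DEFLATE, base64, URL-encode as the SAMLRequest parameter."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15 = raw deflate, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{IDP_SSO_URL}?{query}"


def decode_saml_request(url):
    """What the identity provider does on receipt: reverse the redirect-binding encoding."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15).decode()


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(response_xml, expected_request_id, now_iso):
    """Steps 4-5: checks made before the NameID is looked up in the user directory.
    Assumes the XML signature has ALREADY been verified against the IdP certificate;
    signature verification is not implemented here. Returns (name_id or None, problems)."""
    root = ET.fromstring(response_xml)
    now = parse_time(now_iso)
    problems = []
    if root.get("InResponseTo") != expected_request_id:   # ties the response to our request
        problems.append("InResponseTo does not match an AuthnRequest we issued")
    if root.get("Destination") != SP_ACS_URL:              # response was meant for this endpoint
        problems.append("Destination is not our assertion consumer service URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SAML_SUCCESS:
        problems.append("status is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append("expected exactly one Assertion")
        return None, problems
    assertion = assertions[0]
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Assertion has no Conditions")
    else:                                                  # validity window and audience
        if cond.get("NotBefore") and now < parse_time(cond.get("NotBefore")):
            problems.append("Assertion not yet valid")
        if cond.get("NotOnOrAfter") and now >= parse_time(cond.get("NotOnOrAfter")):
            problems.append("Assertion expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if SP_ENTITY_ID not in audiences:
            problems.append("AudienceRestriction does not name this SP")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        problems.append("Subject has no NameID")
    return (None if problems else name_id.text), problems


# Constructed sample of what the IdP posts back in step 4 (unsigned, for illustration only).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-01T12:00:05Z"
    Destination="{SP_ACS_URL}" InResponseTo="_req1">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SAML_SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:05Z">
    <saml:Issuer>https://idp.example</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(decode_saml_request(redirect_url(build_authn_request("_req1", "2024-01-01T12:00:00Z"))))
    print(validate_response(SAMPLE_RESPONSE, "_req1", "2024-01-01T12:01:00Z"))
    print(validate_response(SAMPLE_RESPONSE, "_req1", "2024-01-01T12:10:00Z"))
```

The request ID is stored server-side when the redirect is issued and compared against InResponseTo when the response arrives, which is what prevents an assertion obtained for one login from being replayed into another; the Destination and Audience checks stop a valid assertion issued to a different service provider from being accepted here, and the NotBefore/NotOnOrAfter window bounds how long a captured assertion stays usable.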