Introduction

The end user single sign-on (SSO) feature allows seamless authentication for end users browsing via Forcepoint Web Security Cloud, using a supported identity provider (IdP). When it is enabled, the cloud service uses your identity provider to authenticate user identity, attributes, and roles against your enterprise directory.

Single sign-on is a convenient and secure way of sharing logon credentials across your estate, streamlining the authentication process across multiple systems, and providing seamless authentication in cases where the Forcepoint Web Security Endpoint cannot be used. Forcepoint uses the Security Assertion Markup Language (SAML 2.0) data format to send authentication requests to and receive responses from your identity provider. All communications between components are secured.

When single sign-on is enabled, end users connecting to the proxy are redirected to the identity provider specified in their policy. Once the provider has authenticated them, users are directed back to the proxy, and the appropriate policy is applied to their web request. Clients that have authenticated once do not need to re-authenticate for a set period of time.