Manage Third Party Identity Provider Integrations Through Common Services
Learn how to manage third party identity provider integrations through Common Services, such as adding, updating, and deleting SAML identity providers.
Common Services: Identity and Access enables you to manage third party identity provider integrations.
Add an Identity Federation to integrate with
a third party identity provider (IDP) to allow access to the platform, rather than
adding users directly to the platform itself. Identity Federation enables users of
different enterprises or domains to use the same digital identity to access all
their applications.
After you add an identity federation, you can configure a Security Assertion Markup Language
(SAML) provider in one of the following ways:
After you add an identity federation, you can
Configure Palo Alto Networks as a
Service Provider by downloading the service provider (SP) metadata from
Common Services. The SP metadata helps you configure your identity provider
integration with Palo Alto Networks as an SP, so that you don’t have to provide the
details manually.
If you want to grant authorization to your users
by passing the login information through your Security Assertion Markup Language
(SAML) provider, you can
Map a Tenant for Authorization. By using the
tenant mapping, you no longer have to add users and access directly through Common
Services, but that option is still available.
When assigning an access policy to a user or a
service account (such as in mapping a tenant for SAML authorization purposes), the
PAN Resource Name Mapping identifies the
tenant or tenant service group (TSG) hierarchy where you are applying access
policies.