Common Services: Identity and Access
    : Add an Identity Federation Through Common Services
    Focus
    Download PDF
    Focus
    1. Home
    2. Common Services
    3. Common Services: Identity and Access
    4. Manage Third Party Identity Provider Integrations Through Common Services
    5. Add an Identity Federation Through Common Services
    Download PDF

    Common Services: Identity and Access

    Add an Identity Federation Through Common Services

    Table of Contents

    Add an Identity Federation Through Common Services

    Learn how to add an identity federation through the Common Services.
    Common Services enables you to integrate with a third party identity provider (IDP) to allow access to the platform, rather than adding users directly to the platform itself.
    Identity Federation enables users of different enterprises or domains to use the same digital identity to access all their applications. Technologies for identity federation often include Security Assertion Markup Language (SAML), OAuth, OpenID, and more. Common Services supports SAML and the following IDPs:
    • Okta
    • Azure
    • Ping
    • Onelogin
    • SecureAuth
    • Google Workspace
    • Microsoft Active Directory Federation Service (AD FS)
    • Any other IDPs that follow the SAML standard
    You can add and verify an identity federation from Common ServicesIdentity & AccessIdentity Federations.
    1. Use one of the various ways to access Common ServicesIdentity & Access.
    2. Select Identity & Access. Only one way is shown here.
    3. Select Identity & Access/Access ManagementIdentity FederationsAdd Identity Federation to add an identity federation.
    4. Add the Domain information for your enterprise. The character limit is 50. Special characters are not allowed, with the exception of “-” and “.”
    5. Select Next.
    6. Follow the Instructions for Verification to add a DNS record within your domain name provider.
      1. Copy the TXT record from the Common Services.
      2. Select Finish.
      3. Go to your domain provider’s console and paste the TXT record, so that Palo Alto Networks can verify that you are an owner of the domain. The console details look similar to the following, but all providers are slightly different.
      4. (Optional) In the domain provider’s console, revise your identity provider’s time to live (TTL) setting if you need a faster refresh rate. The TTL setting impacts, for example, how long it takes to verify ownership of the identity federation.
    7. In Common Services, select Verify Now to verify ownership of the identity federation.
    8. (Optional) Add additional owners to manage the identity federation.
    9. Configure a Security Assertion Markup Language (SAML) provider in one of the following ways:

    © 2024 Palo Alto Networks, Inc. All rights reserved.