Add an Identity Federation Through Common Services

Learn how to add an identity federation through the Common Services. Common Services enables you to integrate with a third-party identity provider (IDP) to allow access to the platform, rather than adding users directly to the platform itself.
Identity Federation enables users of different enterprises or domains to use the same digital identity to access all their applications. Technologies for identity federation often include Security Assertion Markup Language (SAML), OAuth, OpenID, and more.
Common Services supports SAML and the following IDPs:
  • Okta
  • Azure
  • Ping
  • OneLogin
  • SecureAuth
  • Google Workspace
  • Microsoft Active Directory Federation Service (AD FS)
  • Any other IDPs that follow the SAML standard
You can add and verify an identity federation from Common Services > Identity & Access > Identity Federations.
  1. Use one of the various ways to access Common Services > Identity & Access.
  2. Select Identity & Access. Only one way is shown here.
  3. Select Identity & Access/Access Management > Identity Federations > Add Identity Federation to add an identity federation.
  4. Add the Domain information for your enterprise. The character limit is 50. Special characters are not allowed, with the exception of “-” and “.”
  5. Select Next.
  6. Follow the Instructions for Verification to add a DNS record within your domain name provider.
    1. Copy the TXT record from the Common Services.
    2. Select Finish.
    3. Go to your domain provider’s console and paste the TXT record, so that Palo Alto Networks can verify that you are an owner of the domain. The console details look similar to the following, but all providers are slightly different.
    4. (Optional) In the domain provider’s console, revise your identity provider’s time to live (TTL) setting if you need a faster refresh rate. The TTL setting impacts, for example, how long it takes to verify ownership of the identity federation.
  7. In Common Services, select Verify Now to verify ownership of the identity federation.
  8. (Optional) Add additional owners to manage the identity federation.
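
A pre-check for steps 4 to 7, added here as an example and not taken from Palo Alto Networks: it validates a value against the Domain field limits and confirms, from `dig +noall +answer TXT` output, that the verification TXT record is visible and what TTL it carries before you select Verify Now. The record name, the placeholder TXT value and the reading of "special characters" as anything other than ASCII letters and digits are assumptions.

```python
import shlex
import string

# Constructed sample data. The real TXT value and record name come from the
# Instructions for Verification screen; this value is a placeholder.
EXPECTED_TXT = "PLACEHOLDER-TXT-VALUE-FROM-COMMON-SERVICES"
SAMPLE_DIG_ANSWER = (
    'example.com.\t300\tIN\tTXT\t"v=spf1 -all"\n'
    'example.com.\t300\tIN\tTXT\t"PLACEHOLDER-TXT-VALUE-" "FROM-COMMON-SERVICES"\n'
)

# Assumption: only ASCII letters and digits count as non-special characters.
ALLOWED = set(string.ascii_letters + string.digits + "-.")


def domain_field_ok(domain):
    """Step 4: at most 50 characters, no special characters except - and ."""
    return 0 < len(domain) <= 50 and set(domain) <= ALLOWED


def parse_txt_answers(dig_answer):
    """Parse `dig +noall +answer TXT <name>` output into (name, ttl, value)."""
    records = []
    for line in dig_answer.splitlines():
        fields = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(fields) != 5 or fields[3].upper() != "TXT":
            continue  # skip CNAME answers, comment lines and blanks
        if not fields[1].isdigit():
            continue
        # Resolvers show a long TXT value as several quoted strings; the
        # record's value is their concatenation.
        value = "".join(shlex.split(fields[4]))
        records.append((fields[0].rstrip(".").lower(), int(fields[1]), value))
    return records


def verification_status(record_name, expected_txt, dig_answer):
    """Return (published, ttl) for the expected TXT value at record_name."""
    wanted = record_name.rstrip(".").lower()
    for name, ttl, value in parse_txt_answers(dig_answer):
        if name == wanted and value == expected_txt:
            return True, ttl
    return False, None


if __name__ == "__main__":
    print(domain_field_ok("example.com"))
    print(verification_status("example.com", EXPECTED_TXT, SAMPLE_DIG_ANSWER))
```

If the record is reported as missing, resolvers may keep serving the earlier answer for up to the previous TTL, which is why step 6 suggests lowering the TTL when faster verification is needed.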
