Prisma Access
Configure ADFS as a SAML Provider for Mobile Users
Table of Contents
Configure ADFS as a SAML Provider for Mobile Users
Where Can I Use
This? | What Do I Need? |
|---|---|
|
|
This section describes the steps you perform to integrate Prisma Access with Active
Directory Federation Services (ADFS) 4.0 as a Security Assertion Markup Language
(SAML) identity provider.
Prisma Access users provides enterprise authentication via SAML. When a mobile user
attempts to connect, Prisma Access, acting as the SAML service provider, or SP,
returns an authentication request to the client browser, which in turn sends it to
your SAML identity provider (IdP) to authenticate the user. Use the following
procedure to configure a trust relationship between Prisma Access and your Active
Directory Federation Services (ADFS) 4.0 IdP.
Before you start this procedure, make sure that the ADFS server has the following
prerequisites:
- Check that you can navigate to your AD FS namespace’s initiated sign-on page. The URL is in the formathttps://<namespace><adfs-server-hostname>/adfs/ls/idpinitiatedsignon.aspx, where<namespace>is the namespace for the ADFS server (eitheradfs.or, if you use the Secure Token Service (STS),sts.) and<adfs-server-hostname>is the host name for the ADFS server.An example URL ishttps://adfs.hooli.com/adfs/ls/idpinitiatedsignon.aspx.
- Make sure that you downloaded the federation metadata XML file to a local machine. You must import this file into Panorama to complete the SAML identity provider configuration.To download this file, start AD FS Management on the server running ADFS, then select and find the URL to download the file. The URL is in the formathttps://<adfs-server-hostname>/FederationMetadata/2007-06/FederationMetadata.xml, where<adfs-server-hostname>is the host name for the ADFS server.
