>
    Strata Copilot
    Single Sign On Access using SAML
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Prisma SD-WAN Administrator Authorization and Authentication
    4. Single Sign On Access using SAML
    Download PDF
    Prisma SD-WAN

    Single Sign On Access using SAML

    Table of Contents

    Single Sign On Access using SAML

    Let us learn about the SSO access to Prisma SD-WAN using SAML.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Prisma SD-WAN license
    Security Assertion Markup Language (SAML) provides the ability to use customer specific authentication and authorization schemes to allow or deny end users access to the Prisma SD-WAN web interface. Identity Provider (IdP) authenticates and authorizes the administrators to access the Prisma SD-WAN web interface, instead of Prisma SD-WAN based authentication and authorization.
    Prisma SD-WAN supports SAML 2.0-compliant IdP authorities such as ADFS, Okta, PingFederate, and Salesforce.
    SAML involves the Service Provider (SP), the Identity Provider (IdP), and the end user.
    • Service Provider—Palo Alto Networks is the Service Provider who owns the Prisma SD-WAN web interface.
    • Customer IdP—The authority that authenticates and authorizes the end user for logging into the Prisma SD-WAN web interface.
    • User—Administrator who accesses the Prisma SD-WAN web interface.
    The images below illustrates the SAML process:
    SAML Process
    Contact Palo Alto Networks Customer Support to initiate a request for SAML access.
    Proceed to request SAML access from Palo Alto Networks Customer Support, followed by Exchange SAML Metadata, configure user groups or map user groups to Prisma SD-WAN roles in the your IdP system, and verify and enable SAML access to end users to the Prisma SD-WAN web interface.

    Related CLIs

    © 2025 Palo Alto Networks, Inc. All rights reserved.