Prisma SD-WAN
Single Sign On Access using SAML
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Single Sign On Access using SAML
Let us learn about the SSO access to Prisma SD-WAN using
SAML.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Security Assertion Markup Language (SAML)
provides the ability to use customer specific authentication and
authorization schemes to allow or deny end users access to the Prisma
SD-WAN web interface. Identity Provider (IdP) authenticates and
authorizes the administrators to access the Prisma SD-WAN web interface,
instead of Prisma SD-WAN based authentication and authorization.
Prisma SD-WAN supports SAML 2.0-compliant IdP
authorities such as ADFS, Okta, PingFederate, and Salesforce.
SAML involves the Service Provider (SP), the Identity
Provider (IdP), and the end user.
- Service Provider—Palo Alto Networks is the Service Provider who owns the Prisma SD-WAN web interface.
- Customer IdP—The authority that authenticates and authorizes the end user for logging into the Prisma SD-WAN web interface.
- User—Administrator who accesses the Prisma SD-WAN web interface.
The images below illustrates the SAML process:

Contact Palo Alto Networks Customer Support to initiate a request
for SAML access.
Proceed to request SAML access from Palo Alto Networks Customer Support, followed by Exchange SAML Metadata, configure user groups or map user groups to Prisma SD-WAN
roles in the your IdP system, and verify and enable SAML access to end users to
the Prisma SD-WAN web interface.
Related CLIs
- Config Banner
- Debug Log Agent EAL File Log
- Debug Logging Facility
- Debug Logs Dump
- Debug Logs Follow
- Debug Logs Tail
- Debug Process
- Debug Reboot
- Debug Service Link Logging
- Debug Time Sync
- File Export
- File Remove
- File Space Available
- File Tailf Log
- File View Log
- Inspect Certificate
- Inspect CGNX Infra Role
- Inspect Connection
- Inspect Process Status
- Inspect Switch MAC Address Table
- Dump Auth Config
- Dump Auth Status
- Dump Banner Config
- Dump Device Accessconfig
- Dump Device Conntrack Count
- Dump Device Date
- Dump Device Info
- Dump Device Status
- Dump Radius Config
- Dump Radius Statistics
- Dump Radius Status
- Dump Sensor Type
- Dump Sensor Type Summary
- Dump Time Config
- Dump Time Log
- Dump Time Status
- Dump Troubleshoot Message
- Clear Switch MAC Address Entries
- Clear Device Account Login