Let us learn about SSO access to Prisma SD-WAN using
Security Assertion Markup Language (SAML).

SAML provides the ability to use customer-specific authentication and
authorization schemes to allow or deny end users access to the Prisma
SD-WAN web interface. The Identity Provider (IdP) authenticates and
authorizes the administrators to access the Prisma SD-WAN web interface,
instead of Prisma SD-WAN based authentication and authorization.
Prisma SD-WAN supports SAML 2.0-compliant IdP
authorities such as ADFS, Okta, PingFederate, and Salesforce.
SAML involves the Service Provider (SP), the Identity
Provider (IdP), and the end user.
Service Provider—Palo Alto Networks is the Service Provider
who owns the Prisma SD-WAN web interface.
Customer IdP—The authority that authenticates and authorizes
the end user for logging into the Prisma SD-WAN web interface.
User—Administrator who accesses the Prisma SD-WAN web interface.
The images below illustrate the SAML process:
Contact Palo Alto Networks Customer Support to initiate a request
for SAML access.