Single Sign On Access using SAML

Let us learn about the SSO access to Prisma SD-WAN using SAML.
Security Assertion Markup Language (SAML) provides the ability to use customer specific authentication and authorization schemes to allow or deny end users access to the Prisma SD-WAN web interface. Identity Provider (IdP) authenticates and authorizes the administrators to access the Prisma SD-WAN web interface, instead of Prisma SD-WAN based authentication and authorization.
Prisma SD-WAN supports SAML 2.0-compliant IdP authorities such as ADFS, Okta, PingFederate, and Salesforce.
SAML involves the Service Provider (SP), the Identity Provider (IdP), and the end user.
  • Service Provider—Palo Alto Networks is the Service Provider who owns the Prisma SD-WAN web interface.
  • Customer IdP—The authority that authenticates and authorizes the end user for logging into the Prisma SD-WAN web interface.
  • User—Administrator who accesses the Prisma SD-WAN web interface.
The images below illustrates the SAML process:
SAML Process
Contact Palo Alto Networks Customer Support to initiate a request for SAML access.
Proceed to request SAML access from Palo Alto Networks Customer Support, followed by exchange metadata, configure user groups or map user groups to Prisma SD-WAN roles in the your IdP system, and verify and enable SAML access to end users to the Prisma SD-WAN web interface.

Recommended For You