How to Set Up SAML Authentication for your Identity Provider using Cloud Access Security Broker (CASB)
The Security Assertion Markup Language (SAML) protocol allows you to exchange user authentication information between Identity Providers (IDPs) and Service Providers (SPs). In this configuration guide, we'll see how to configure SAML authentication with a cloud access security broker (CASB) dashboard to improve the security of your Identity Provider (IDP) and mitigate the risk of unauthorized access to it.
Step 1: Sign up with miniOrange CASB
Step 2: Configure your Identity Provider
- Sign in to miniOrange IAM using the same credentials as the CASB dashboard and navigate to the Apps section.
(In this guide, we are using miniOrange as the IDP, but you can contact us at proxysupport@xecurify.com to set up your preferred IDP.)
- You will see a list of all configured applications. Click Add Application to create a new one.
- Search for the Custom SAML App in the search box and click on it.
- Enter a custom application name and click on the Import SP Metadata button in the right corner.
- Add the App Name and select the File option in SP Metadata. Next, click on the Choose File button, select the file downloaded in Step 1, and click on the Import button.
- After the file is successfully uploaded, click on the Next button.
- In the Attribute Mapping section, follow these steps:
  - Click on the Add Attribute button.
  - Enter groups as the Attribute Name and select User Groups as the Attribute Value.
  - Add another attribute by clicking Add Attribute again.
  - Enter fullname as the Attribute Name and select Full Name as the Attribute Value.
- Click on the Save button to apply the changes.
- Now, you will be redirected to the Applications screen, where your configured application will be listed. Click on the three dots next to the application and select the Metadata option.
- In the View IDP Metadata section, click on Copy to Clipboard next to the Metadata URL to copy it.
- Return to the CASB Dashboard tab. In the Configure Authentication Source section, locate the IDP Metadata section and click on Upload Metadata.
- In Import IDP Metadata, select URL as the Import Format, paste the IDP Metadata URL copied from miniOrange IDP, and click the Import button.
- A prompt will appear confirming that the metadata has been uploaded successfully. Click Save to finalize the configuration.
- Now, return to miniOrange IDP, click on the Users tab in the navigation menu on the left and select User List.
- On the Add User page, add the user's personal details such as Email, Username, First Name, Last Name, Phone and Password, and click on the Create User button. (To add multiple users, use the Bulk User Registration feature.)
- Now, go to the Groups tab, select Manage Groups, and click on the Create Group button.
- In the Add Group section, enter a name for the group in the Group Name field and click on the Create Group button.
- In the Manage Groups section, search for the newly created group and click on the Select button next to it. Click on the Assign Users option in the dropdown.
- On the Assign Users page, follow these steps:
  - Select the checkbox for the user created above.
  - Click on the Select Action button and choose Assign to group.
  - Click Apply to add users to the group.
- Now, return to the CASB Dashboard and click on Test Connection in the action button for the Authentication Source.
- You will be redirected to the miniOrange IDP Sign-in screen. Enter the credentials for the user added in the previous steps.
- You will see the Test Configuration Screen with all the details.
- You have successfully configured SAML Authentication with a Cloud Access Security Broker (CASB).
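The Attribute Mapping step above sends groups and fullname in the SAML assertion, and the Test Configuration screen is where you confirm they arrive. The following is an added example, not miniOrange code: it checks a decoded assertion for those two attributes, using a constructed sample assertion and hypothetical function names. It inspects attribute content only and does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("groups", "fullname")  # attribute names from the Attribute Mapping step

# Constructed sample assertion for illustration (not real IDP output).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>casb-users</saml:AttributeValue>
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="fullname">
      <saml:AttributeValue>Test User</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def extract_attributes(assertion_xml):
    """Return {attribute name: [values]} from a SAML 2.0 assertion."""
    # SAML never needs a DTD; refusing one blocks entity-expansion payloads.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declaration in assertion")
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mapping(assertion_xml, required=REQUIRED):
    """Return the required attributes that are absent or carry no value."""
    attrs = extract_attributes(assertion_xml)
    return [name for name in required if not any(attrs.get(name, []))]

if __name__ == "__main__":
    print(extract_attributes(SAMPLE_ASSERTION))
    print("missing:", check_mapping(SAMPLE_ASSERTION) or "none")
```

An empty groups attribute is reported as missing, which catches a user who was created but never assigned to a group.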
miniOrange Cloud Access Security Broker (CASB) offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!