Enable SAML Authentication

You can enable Single Sign On using SAML to authenticate users and assign groups of users to Cisco roles.

Before you begin

Make sure that you have configured the SAML profiles with Service Provider and Identity Provider settings. See How to Configure SSO on your Cisco Security Management Appliance.

Procedure


Step 1

Navigate to Management Appliances > System Administration > Users.

Step 2

Scroll down to the External Authentication section.

Step 3

Click Enable.

Step 4

Select the Enable External Authentication check box.

Step 5

Select SAML as the authentication type from the drop-down list.

Step 6

(Optional) In the External Authentication Attribute Name Map field, enter the attribute name to search for in the Group Mapping.

The Attribute Name depends on the attributes that you configure for the Identity Provider. The appliance searches for matching entries of the Attribute Name in the Group Mapping field. This field is optional; if you do not configure it, the appliance searches for matching entries of all attributes present in the Group Mapping field.

Step 7

In the Group Mapping field, enter the group name attribute as defined in the SAML directory based on the predefined or custom user role. You can click Add Row to add multiple role mappings.

The Group Mapping must contain a group attribute. You can add the 'Unspecified Groups' attribute to authenticate SAML assertions or responses.

For more information on types of user roles, see Users Page.

Step 8

Submit and commit your changes.


What to do next

After you enable SAML external authentication, you can use the Use Single Sign On link on the login page of the appliance and enter the username to log in to the appliance.
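
The matching described in Steps 6 and 7, modelled as an added example (not Cisco's code): it shows which roles a SAML assertion would match with and without an External Authentication Attribute Name Map. The attribute names, group names, role rows and the helper functions are constructed assumptions, and signature validation of the assertion is out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real Identity Provider).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>sma-operators</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>sma-admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed Group Mapping rows: (group name, user role).
GROUP_MAPPING = [("sma-admins", "Administrator"), ("sma-operators", "Operator")]


def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from the AttributeStatement."""
    root = ET.fromstring(xml_text)  # trusted, inline sample only
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def matched_roles(xml_text, group_mapping, attribute_name=None):
    """Roles whose group name appears in the attribute values that are searched.

    attribute_name set  -> only that attribute's values are searched (Step 6).
    attribute_name None -> the values of every attribute are searched.
    Returning all matches in row order is an assumption of this model.
    """
    attrs = assertion_attributes(xml_text)
    if attribute_name is not None:
        searched = attrs.get(attribute_name, [])
    else:
        searched = [v for values in attrs.values() for v in values]
    return [role for group, role in group_mapping if group in searched]
```

In this model, leaving the Attribute Name Map empty lets a group name carried in any released attribute match a role, so review which attributes the Identity Provider sends before relying on the default.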