Single Sign-on Authentication with SAML 2.0

About SAML Single Sign-on Authentication

Security Assertion Markup Language (SAML) is an open standard for logging users into applications based on their sessions in another context. An organization already knows a user's identity once that user is logged in to its Active Directory (AD) domain or intranet; with SAML it can use that identity to log the user in to other applications, such as web-based applications. Individual applications do not need to store credentials, and users do not have to remember and manage different sets of credentials for individual applications. SAML single sign-on (SSO) works by transferring the user’s identity from one place (the identity provider) to another (the service provider).

SAML Single Sign-on with Firepower Threat Defense

The Firepower Threat Defense device supports SAML 2.0 single sign-on (SSO) authentication for remote access VPN connections using the AnyConnect Secure Mobility Client. You need the following to configure SAML 2.0 SSO on Firepower Threat Defense:

  • Identity Provider (IdP)—The Duo Access Gateway acts as the identity provider to perform user authentication and issues assertions.

  • Service Provider (SP)—The FTD device acts as the service provider and obtains the authentication assertion from the identity provider.

  • VPN Client—The AnyConnect Secure Mobility Client performs SAML 2.0 authentication via an embedded browser.
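The checks a service provider applies to an assertion it receives from the identity provider, as an added example that is not Cisco's or Duo's code: issuer matches the configured IdP, audience names this SP, the validity window (with a small clock-skew allowance) covers the current time, and a subject NameID is present. The entity IDs and the assertion itself are constructed for illustration. A production SP must also verify the XML signature over the assertion before trusting any of these values; that needs an XML-DSig library and is deliberately left out of this stdlib-only example.

```python
"""Service-provider-side checks on a SAML 2.0 assertion (added example).

Not Cisco's or Duo's code. The entity IDs and the sample assertion are
constructed for illustration. XML signature verification is required in a
real SP and is omitted here because it is outside the standard library.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed trust configuration, standing in for the SP's SAML settings.
TRUSTED_IDP_ENTITY_ID = "https://idp.example.com/dag/saml2/idp/metadata.php"  # hypothetical
SP_ENTITY_ID = "https://vpn.example.com/saml/sp/metadata/ssoserver"          # hypothetical

# Constructed, unsigned assertion for illustration only.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/dag/saml2/idp/metadata.php</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://vpn.example.com/saml/sp/metadata/ssoserver</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T12:00:00Z" SessionIndex="_s1"/>
</saml:Assertion>"""


def _parse_time(value):
    # SAML timestamps are xs:dateTime in UTC with a trailing 'Z'.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, trusted_idp=TRUSTED_IDP_ENTITY_ID,
                       sp_entity_id=SP_ENTITY_ID, clock_skew=timedelta(seconds=60)):
    """Return (ok, reason, name_id); ok is False at the first failed check."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS:
        return False, "not a saml:Assertion element", None

    # 1. The issuer must be the IdP this SP was configured to trust.
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != trusted_idp:
        return False, "issuer %r is not the configured IdP" % issuer, None

    # 2. The audience must name this SP, so an assertion issued for another
    #    application is not accepted here.
    conditions = root.find("saml:Conditions", namespaces=NS)
    if conditions is None:
        return False, "missing Conditions", None
    audiences = [a.text.strip()
                 for a in conditions.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)
                 if a.text]
    if sp_entity_id not in audiences:
        return False, "audience %r does not include this SP" % (audiences,), None

    # 3. The validity window must cover 'now', allowing a small clock skew.
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < _parse_time(not_before) - clock_skew:
        return False, "assertion not yet valid", None
    if not_on_or_after and now >= _parse_time(not_on_or_after) + clock_skew:
        return False, "assertion expired", None

    # 4. The subject identifier the VPN session will be bound to.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id or not name_id.strip():
        return False, "missing Subject/NameID", None
    return True, "ok", name_id.strip()


if __name__ == "__main__":
    when = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    print(validate_assertion(SAMPLE_ASSERTION, when))
    print(validate_assertion(SAMPLE_ASSERTION, when + timedelta(minutes=9)))
```

The order of the checks mirrors what the SP needs before it binds a VPN session to a user: who issued the assertion, whether it was meant for this SP, whether it is still fresh, and only then which user it names.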