Updated: September 23, 2015
This document describes how to configure PingFederate and ADFS (Active Directory Federation Services) IdP servers to send user and group details to the Cloud Web Security service so that policies can be filtered granularly.
Cisco recommends that you have a basic understanding of the following:
Administrative login/access to the PingFed/ADFS server
Knowledge of how to navigate the PingFed/ADFS server
In order for granularity to work on HTTPS traffic, HTTPS inspection must be enforced for all traffic.
Follow the steps below to configure user/group attributes with PingFederate and ADFS.
Under Attribute sources > User lookup tab:
Attribute Contract: AUTHENTICATED_GROUPS
Attribute Contract: SAML_SUBJECT
Under Trust relationships > Relying party trusts tab:
LDAP Attribute Contract: SAM-Account-Name
Outgoing Claim Type LDAP: Name ID
LDAP Attribute Contract: Token-Groups
Outgoing Claim Type LDAP: Group
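A check for the mappings above, as an added example that is not part of the original Cisco document: it inspects a decoded SAML assertion and reports whether it carries the NameID and the group values. The attribute names in `GROUP_ATTRS` (the PingFederate contract name used as the SAML attribute name, and the AD FS Group claim type URI) and the sample assertion are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"

# Assumed names under which the IdP emits group membership.
GROUP_ATTRS = {
    "AUTHENTICATED_GROUPS",                     # PingFederate attribute contract name
    "http://schemas.xmlsoap.org/claims/Group",  # AD FS "Group" claim type URI
}

# Constructed sample (unsigned, trimmed); not captured from a real IdP.
SAMPLE = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Engineering</saml:AttributeValue>
      <saml:AttributeValue>VPN-Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def extract_identity(xml_text):
    """Return (name_id, groups) from an Assertion or a Response wrapping one."""
    root = ET.fromstring(xml_text.strip())
    assertion = root if root.tag == ASSERTION_TAG else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return "", []
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    groups = []
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") in GROUP_ATTRS:
            values = attr.iterfind("saml:AttributeValue", NS)
            groups += [(v.text or "").strip() for v in values]
    return name_id, [g for g in groups if g]

def check_assertion(xml_text):
    """List what is missing for user/group policy matching (signature is not checked)."""
    name_id, groups = extract_identity(xml_text)
    problems = []
    if not name_id:
        problems.append("missing NameID")
    if not groups:
        problems.append("missing group attribute")
    return problems

if __name__ == "__main__":
    print(extract_identity(SAMPLE), check_assertion(SAMPLE))
```

Run it against an assertion captured from your own test login (for example with a browser SAML tracer) to confirm the IdP sends both values before you build group-based policies.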
There is no troubleshooting section for this document.