Overview of SaaS Access Control
The Web Security appliance uses the Security Assertion Markup Language (SAML) to authorize access to SaaS applications. It works with SaaS applications that are strictly compliant with SAML version 2.0.
Cisco SaaS Access Control allows you to:
- Control which users can access SaaS applications and from where.
- Quickly disable access to all SaaS applications when users are no longer employed by the organization.
- Reduce the risk of phishing attacks that ask users to enter their SaaS user credentials.
- Choose whether users are transparently signed in (single sign-on functionality) or prompted to enter their authentication user name and pass phrase.
SaaS Access Control only works with SaaS applications that require an authentication mechanism that is supported by the Web Security appliance. Currently, the Web Proxy uses the “PasswordProtectedTransport” authentication mechanism.
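The authentication-mechanism requirement above can be verified from the SaaS side by inspecting the AuthnRequest the application sends. The following check is an added example, not Cisco code; it assumes that "PasswordProtectedTransport" refers to the standard SAML 2.0 authentication context class URI, and the function names and sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the mechanism named on this page maps to this standard SAML 2.0 class URI.
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def check_authn_request(xml_text, idp_class=PPT):
    """Return (verdict, detail) for an SP AuthnRequest against the single
    authentication context class the identity provider asserts."""
    # Inputs here are constructed; parse untrusted XML with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return ("error", "not a SAML 2.0 AuthnRequest")
    if root.get("Version") != "2.0":
        return ("error", "Version is %r, expected 2.0" % root.get("Version"))
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return ("compatible", "no RequestedAuthnContext; SP states no requirement")
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    comparison = rac.get("Comparison", "exact")  # SAML 2.0 default is "exact"
    if comparison == "exact":
        if idp_class in refs:
            return ("compatible", "exact match on " + idp_class)
        return ("incompatible", "SP requires: " + (", ".join(refs) or "no class refs"))
    # minimum/better/maximum rely on a class ordering that is deployment-specific.
    return ("review", "Comparison=%s needs a manual check of: %s" % (comparison, ", ".join(refs)))

def sample_request(class_ref=None, comparison=None):
    """Build a constructed AuthnRequest (not captured from any real SaaS application)."""
    rac = ""
    if class_ref:
        attr = ' Comparison="%s"' % comparison if comparison else ""
        rac = ("<samlp:RequestedAuthnContext%s><saml:AuthnContextClassRef>%s"
               "</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>" % (attr, class_ref))
    return ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
            'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">%s</samlp:AuthnRequest>'
            % (NS["samlp"], NS["saml"], rac))

if __name__ == "__main__":
    X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
    for req in (sample_request(PPT), sample_request(X509), sample_request(PPT, "minimum")):
        print(check_authn_request(req))
```

An "incompatible" or "review" verdict means the application's requested authentication context should be adjusted or examined before single sign-on is configured for it.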
To enable SaaS Access Control, you must configure settings on both the Web Security appliance and the SaaS application:
Procedure
| | Command or Action | Purpose |
|---|---|---|
| Step 1 | Configure the Web Security appliance as an identity provider. | |
| Step 2 | Create an authentication policy for the SaaS application. | |
| Step 3 | Configure the SaaS application for single sign-on. | |
| Step 4 | (Optional) Configure multiple Web Security appliances. | |