To connect to an Access Portal web application, users must specify a user name and password twice: once on the login page and once to connect to the web application.
To simplify the login process for Access Portal users, you can enable Security Assertion Markup Language (SAML) single sign-on (SSO). After you configure SAML SSO, Access Portal users only have to type their credentials once to connect to web applications.
SAML 2.0 is a standard that specifies how a Service Provider (SP) and an Identity Provider (IdP) exchange user identity information. When you configure your Firebox for SAML SSO, the Firebox operates as the SP. The IdP is a third-party service that you specify.
The IdP must meet the WatchGuard requirements for SAML 2.0 connections. For more information about SAML connection requirements, see SAML Requirements for Identity Providers.
Users can authenticate with SAML SSO in two different ways:
- SP initiated SSO — The user connects to the Access Portal to authenticate
- IdP initiated SSO — The user connects to the IdP to authenticate
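In SAML 2.0 the two flows are distinguishable in the response itself: a response to an SP initiated login carries an `InResponseTo` attribute that names the SP's AuthnRequest, and an IdP initiated (unsolicited) response carries none. The Python below is an added example, not WatchGuard code and not a description of how the Firebox is implemented; the function names, request ID and sample XML are constructed for illustration, and it assumes the response signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def classify_sso_flow(response_xml, pending_request_ids, allow_idp_initiated=True):
    """Return 'sp-initiated' or 'idp-initiated'; raise ValueError if the
    response cannot be tied to a login this SP expects.

    Assumption: the XML signature was verified before this call.
    pending_request_ids is a mutable set of AuthnRequest IDs the SP issued.
    """
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    in_response_to = root.get("InResponseTo")
    # Every SubjectConfirmationData must agree with the Response element.
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        if scd.get("InResponseTo") != in_response_to:
            raise ValueError("InResponseTo mismatch between Response and assertion")
    if in_response_to is None:
        if not allow_idp_initiated:
            raise ValueError("unsolicited response rejected by policy")
        return "idp-initiated"
    if in_response_to not in pending_request_ids:
        raise ValueError("InResponseTo does not match an outstanding request")
    pending_request_ids.remove(in_response_to)  # single use, so a replay fails
    return "sp-initiated"

def sample_response(in_response_to=None):
    # Constructed sample input: unsigned, minimal, for demonstration only.
    attr = ' InResponseTo="%s"' % in_response_to if in_response_to else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"%s>'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        '<saml:SubjectConfirmationData%s/>'
        '</saml:SubjectConfirmation></saml:Subject></saml:Assertion>'
        '</samlp:Response>' % (attr, attr)
    )

if __name__ == "__main__":
    pending = {"_req-123"}  # constructed AuthnRequest ID
    print(classify_sso_flow(sample_response("_req-123"), pending))
    print(classify_sso_flow(sample_response(), pending))
```

Because an unsolicited response has no request ID to match, an SP that accepts IdP initiated SSO depends on the signature, audience and validity-window checks alone for that flow.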
For detailed information about SAML, see RFC 7522.
For the Access Portal, SAML SSO applies only to web applications. You cannot use SAML SSO for RDP or SSH connections in the Access Portal.