Cisco Umbrella SAML Single Sign-On (SSO) integration
This topic contains procedures to configure Cisco Umbrella for Single Sign-On (SSO) in CyberArk Identity using SAML.
Cisco Umbrella SSO supported features
This application template supports IdP-initiated SSO.
Prerequisites for Cisco Umbrella SSO
Before you configure Cisco Umbrella for SSO, make sure you have an account in Cisco Umbrella with administrator access.
Configure the Cisco Umbrella app template in the Identity Administration portal
Perform these steps in the Identity Administration portal to configure the Cisco Umbrella application template for SSO.
Step 1: Add the Cisco Umbrella web app template.
In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.
On the Search page, enter the application name in the Search field and click the search button.
Next to the application name, click Add.
On the Add Web App page, click Yes to confirm.
Click Close to exit the Application Catalog.
The application opens to the Settings page.
Step 2: Configure the Trust page.
Click Trust to go to the Trust page.
In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata. You will need this file later when you configure the SAML integration in Cisco Umbrella.
In the Service Provider Configuration section, select Metadata and click Choose File to upload the SP metadata file you downloaded from Cisco Umbrella. To obtain this file, see Configure Cisco Umbrella for SAML single sign-on
Step 3: Configure the Permissions page to grant Cisco Umbrella users SSO access.
Grant SSO access to Cisco Umbrella by assigning permissions to users, groups, or roles.
On the Permissions page, click Add.
Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.
The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.
Select the permissions you want and click Save.
Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.
Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.
Step 4: Review and save.
Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.
Configure Cisco Umbrella for SAML single sign-on
Perform these steps in Cisco Umbrella to configure the Cisco Umbrella app template for SSO.
Sign in to Cisco Umbrella as an administrator.
Go to Admin > Authentication.
In the SAML Dashboard User Configuration section, select Continue. From the SAML SSO dropdown menu, click Other, then Next.
On the Cisco Umbrella Metadata page, click Download XML File, then click Next. Add this file to the Service Provider Configuration in CyberArk Identity as described in Configure the Trust page.
On the Upload and Verify Other Metadata page, upload the metadata file you downloaded from CyberArk Identity (in Configure the Trust page., then click Next.
Test the Cisco Umbrella SSO configuration
Now that you have finished configuring the application template settings in the Identity Administration portal and Cisco Umbrella, Cisco Umbrella users can benefit from IdP-initiated SSO.
Sign in to CyberArk Identity with the user account you just added.
Click the Cisco Umbrella application tile to launch Cisco Umbrella in a new tab and automatically sign in.