Configuring Single Sign-On (SAML)

Created by Jason Carreiro, Modified on Fri, 24 Jun 2022 at 02:42 PM by Jason Carreiro

Scenario:



Proofpoint Essentials supports integration with Identity Providers for authentication adhering to Security Assertion Markup Language (SAML) standards. Multiple identity providers for an organization are fully supported.

Proofpoint Essentials supports single sign-on (SSO) via Security Assertion Markup Language. An external identity provider (IdP) can be set up for SSO to the Proofpoint Admin Console.

 

Creating An Identity Provider (IdP) For Single Sign-On:

  1. Navigate to Administration > Account Management > Identity Providers.

  2. At the top right-hand corner, click Add Identity Provider.

  3. In the New Identity Provider dialog panel, add a meaningful name and description to the Identity Provider. The given name will display on the Identity Provider button on the main login screen.


  4. In the Icon section, select the appropriate icon according to your desired integration.

  5. Click Next.
  6. Configure the necessary SAML assertions for the Single Sign-On configuration to be used in the organization's Identity Provider portal. Copy these values and paste them into your Identity Provider.

    Entity ID - Vendors may refer to this field as Assertion Consumer Service, Identifier, Entity ID or Audience URI. It dictates the entity or audience the SAML Assertion is intended for. It can technically be any string of data up to 1024 characters long, but it is usually a URL that contains the Service Provider's name and is often simply the same URL as the ACS.

    Login URL - The sign-on URL is used if you would like to perform service provider-initiated single sign-on.

    Logout URL - This URL is used to send the SAML logout response back to the application.

    X.509 Certificate - The certificate used to sign SAML tokens issued to Proofpoint Essentials.


  7. Configure the necessary SAML assertions for the Single Sign-On configuration to be used in Proofpoint Essentials. Copy these values from your Identity Provider and paste them in.

  8. Turn on the Identity Provider by clicking Enable Single Sign-On. When enabled, the Identity Provider sign-in button will display on the main login screen.
  9. Click Save and Close.