The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Configure OpenAM for SAML

OpenAM for SAML configuration can be authenticated in one of two ways: By uploading the identity provider's (IdP) metadata file or by manually configuring with specific IdP fields.

Table of Contents

Configure OpenAM for SAML with Metadata Upload

  1. Navigate to Deployments > Configuration > SAML Configuration and click Add.
  2. Select OpenAM and click Next.
  1. Select XML File Upload.
  1. Download the Umbrella metadata file (SP metadata file) and click Next.
    The Umbrella SP metadata includes the Service Provider Issuer ID, the assertion consumer endpoint URL information, and the SAML request signing certificate from Cisco Umbrella. This metadata is required when configuring your IdP for Umbrella.

Note: Your IdP must send the Cisco Umbrella User Principle Name in the NameID attribute in the SAML assertion. For more information on configuring your IdP, exporting your IdP metadata, obtaining your IdP details, or downloading your IdP signing certificate, see your vendor's documentation.

  1. Upload your IdP's metadata file in XML format and click Next.
  1. From the Re-Authenticate Users drop-down list, choose how often Umbrella re-authenticates users: Never, Daily, Weekly, or Monthly.
  1. Click Save. Your new configuration appears as SAML Web Proxy Configuration.

Configure OpenAM for SAML Manually

  1. Navigate to Deployments > Configuration > SAML Configuration and click Add.
  2. Select OpenAM and click Next.
  1. Select Manual Configuration.
  1. Download the Umbrella metadata file (SP metadata file) and click Next.
    The Umbrella SP metadata includes the Service Provider Issuer ID, the assertion consumer endpoint URL information, and the SAML request signing certificate from Cisco Umbrella. This metadata is required when configuring your IdP for Umbrella.

  2. Enter the appropriate information to configure OpenAM's provider metadata and click Next.

    • Entity ID—A globally unique name for an identity provider
    • Endpoint—The URL used to communicate with your identity provider.
    • Signing Keys—Your identity provider’s x.509 certificate used to sign the authentication request.
    • Signed Authentication Request (optional)—You can sign the authentication request for this IdP.
  1. From the Re-Authenticate Users drop-down list, choose how often Umbrella re-authenticates users: Never, Daily, Weekly, or Monthly.
  1. Click Save. Your new configuration appears as SAML Web Proxy Configuration.

Configure PingID for SAML < Configure OpenAM for SAML > Configure Other IdPs for SAML

Updated 16 days ago

Configure OpenAM for SAML


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.