
Configure SAML Integrations

SAML single sign-on (SSO) authentication for logging into the Umbrella dashboard is a separate topic. For information on configuring SAML SSO, see Enable Single Sign-On.

Because Umbrella is not an open proxy, Umbrella must trust the source forwarding web traffic to it. This can be accomplished by assigning either a Network or Tunnel identity to a Web policy. Policies created in this fashion apply broadly to any web traffic originating from the network or tunnel. However, to create more granular policies for users or groups, SAML can be implemented.

Traffic to gateway.id.swg.umbrella.com must be sent to the Umbrella SWG and not directly to the internet.

Identities obtained from SAML can be matched to users and groups that have been provisioned either manually, by importing a CSV file exported from Active Directory, or automatically, by using Active Directory-based provisioning with the Umbrella AD Connector.

SAML Identities and Web Policies

When configuring a Web policy to obtain the identity through SAML, you must enable SAML through the Web policy wizard and enable HTTPS inspection. HTTPS inspection is required because Umbrella needs to inspect HTTPS traffic for the SAML cookie that acts as the authentication token/surrogate. Umbrella also requires that you install a root certificate on all client machines egressing from networks or tunnels where SAML is enabled. For more information about Web policies, see Add a Web Policy.

SAML Data Flow

Before You Begin

  • SAML metadata must have a signing key.
  • If you are using an on-premises IdP such as ADFS, ensure that traffic to the IdP bypasses the proxy to avoid an authentication loop.
  • Configure SAML with an Identity Provider (IdP) that supports SAML 2.0 POST profiles.
  • Download your IdP's metadata file in XML format.
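
The metadata prerequisites above can be checked before the file is uploaded. The following Python sketch is an added example, not Umbrella's own validation: it parses a downloaded IdP metadata file and reports whether it declares SAML 2.0 support, a signing key, and an HTTP-POST binding. The sample metadata is constructed, and reading an HTTP-POST SingleSignOnService binding as the indicator of POST support is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata: hypothetical IdP, placeholder certificate text.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT-BASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return pre-upload checks for an IdP metadata document."""
    # Metadata needs no DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    signing_keys = 0
    for kd in idp.findall("md:KeyDescriptor", NS):
        # Per the SAML metadata schema, a KeyDescriptor without a "use"
        # attribute applies to both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        certs = kd.findall(".//ds:X509Certificate", NS)
        signing_keys += sum(1 for c in certs if (c.text or "").strip())
    bindings = [s.get("Binding") for s in idp.findall("md:SingleSignOnService", NS)]
    protocols = idp.get("protocolSupportEnumeration", "").split()
    return {
        "entity_id": root.get("entityID"),
        "saml2": SAML2_PROTOCOL in protocols,
        "signing_keys": signing_keys,
        "post_binding": HTTP_POST in bindings,  # assumption: see lead-in
    }

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE.format(use="signing")))
    print(check_idp_metadata(SAMPLE.format(use="encryption")))
```

To check a real file, pass its contents to `check_idp_metadata()`; a result with `signing_keys` equal to 0 means the metadata lacks the signing key listed as a prerequisite.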

For AD Based Provisioning

  • Configure the Connector for automatic provisioning of users and groups. For more information about configuring the Connector, see the Active Directory Setup Guide.

For Manual Import

  • Export your Active Directory user and group objects to a CSV file. We recommend using CSVDE.EXE from a domain controller. For instructions on using this utility, refer to Microsoft's documentation: Command-Line Reference: Csvde.


Updated 6 months ago
