This guide provides instructions to integrate Prisma Access with Beyond Identity to deliver secure and frictionless authentication for your extended workforce, contractors, consultants, agents, and suppliers.
Prisma Access integrates with Beyond Identity Secure Workforce using the SAML 2.0 protocol. Prisma Access acts as the SAML Service Provider and Beyond Identity acts as the SAML Identity Provider. The GlobalProtect Cloud Services mobile agent uses this integration to log in to Prisma Access without a password.
How this integration works
Prerequisites
- Prisma Access tenant
- Beyond Identity Secure Workforce tenant (with users configured and enrolled)
Configure Beyond Identity
To configure Beyond Identity as the SAML Identity Provider:
- Log in to the Beyond Identity Admin console.
- Go to Integrations > SAML.
- Click Add SAML Connection.
- Enter the following values:
  - Name: Beyond Identity IdP-Global Protect
  - SP Single Sign-on URL: https://<prisma_access_tenant_name>.gpcloudservice.com:443/SAML20/SP/ACS
  - SP Audience URI: https://<prisma_access_tenant_name>.gpcloudservice.com:443/SAML20/SP
  - Name ID format: unspecified
  - Subject User Attribute: UserName
  - Request Binding: http redirect
  - Authentication Context Class: X509
  - Signed Response: Signed
- Click Save Changes.
- On the right side of the newly created entry, click the Download Metadata icon to download the metadata file.
Configure Prisma Access
To configure Prisma Access as the SAML Service Provider:
- Log in to the Prisma Access Admin UI.
- Go to Manage > Configuration > Identity Services > Authentication.
- Select Mobile Users > GlobalProtect using the drop-down next to Authentication.
- Go to Authentication Profiles.
- Click Add Profile.
- Enter "Beyond Identity IdP - GlobalProtect" as the Profile Name.
- Click Import MetaData.
- Click Choose File and select the metadata file downloaded from the Beyond Identity Admin console.
- Click Import.
- Click Save.