Configure Deep Security as a SAML service provider

As the first step in the SAML single sign-on configuration, you will need to set up Deep Security as a service provider.

For a more detailed explanation of Deep Security's implementation of the SAML standard, see How SAML single sign-on works.

Only the primary tenant administrator can configure Deep Security as a SAML service provider.

At this time, Deep Security supports only the HTTP POST binding of the SAML 2.0 identity provider (IdP)-initiated login flow, and not the service provider (SP)-initiated login flow.

  1. On the Administration page, go to User Management > Identity Providers > SAML.
  2. Click Get Started.
  3. Enter an Entity ID and a Service Name, and then click Next.

    The entity ID must be a globally unique name.

  4. Select a certificate option, and then click Next. You can import a certificate and private key, create a new self-signed certificate or continue to use Deep Security's current certificate.

Import a Certificate and Private Key

  1. Click Choose File and open the PKCS #12 keystore file containing your certificate.
  2. Enter the password for the keystore.
  3. Click Next.

    You will be shown a summary of your certificate details.

  4. Click Finish.
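Before uploading the keystore, you can confirm from a shell that it will import cleanly. This is an added example, not part of the Deep Security product or its documentation; it assumes the `openssl` command is installed, and the function name `check_p12` and the `P12_PASS` environment variable are names chosen for this example.

```shell
# Pre-import checks for a PKCS #12 keystore.
# Usage: export P12_PASS='keystore password'; check_p12 FILE [MIN_DAYS]
# The password is read from the environment so it does not appear in the
# process list. Returns 0 only if every check passes.
check_p12() (
    p12=$1
    min_days=${2:-30}            # required remaining validity, in days
    umask 077                    # extracted key material is owner-only
    work=$(mktemp -d) || exit 2
    trap 'rm -rf "$work"' EXIT   # remove the extracted key on every exit path

    # 1. The keystore opens with the password (this also verifies its MAC).
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        -out "$work/cert.pem" 2>/dev/null \
        || { echo "FAIL: cannot open keystore (wrong password or not PKCS #12)"; exit 1; }

    # 2. It holds an end-entity certificate (one paired with a key).
    grep -q 'BEGIN CERTIFICATE' "$work/cert.pem" \
        || { echo "FAIL: no end-entity certificate in keystore"; exit 1; }

    # 3. It holds a private key. (-nodes is spelled -noenc in OpenSSL 3.)
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        -out "$work/key.pem" 2>/dev/null \
        && grep -q 'PRIVATE KEY' "$work/key.pem" \
        || { echo "FAIL: no private key in keystore"; exit 1; }

    # 4. The private key belongs to the certificate (public keys are equal).
    cert_pub=$(openssl x509 -in "$work/cert.pem" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$work/key.pem" -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: private key does not match certificate"; exit 1; }

    # 5. The certificate stays valid for at least MIN_DAYS more days.
    openssl x509 -in "$work/cert.pem" -noout \
        -checkend $((min_days * 86400)) >/dev/null \
        || { echo "FAIL: certificate expires within $min_days days"; exit 1; }

    # Print the details to compare against the summary shown in the wizard.
    openssl x509 -in "$work/cert.pem" -noout -subject -enddate
    echo "OK"
)
```

The subject and expiry date it prints should match the certificate summary shown in step 3.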

Generate a new self-signed server certificate

  1. Enter the following details for your certificate:
    • Common Name (CN)
    • Organization (O)
    • Organizational Unit (OU)
    • Email Address (E)
  2. Click Next.

    You will be shown a summary of your certificate details.

  3. Click Finish.

Keep the current Server Certificate

  • Click Next, and then click Finish.

Deep Security is now set up as a SAML service provider, and you can continue to Getting started with SAML single sign-on.