Configure Deep Security as a SAML service provider

As the first step in the SAML single sign-on configuration, you will need to set up Deep Security as a service provider.

For a more detailed explanation of Deep Security's implementation of the SAML standard, see How SAML single sign-on works.

Only the primary tenant administrator can configure Deep Security as a SAML service provider.

At this time, Deep Security supports only the HTTP POST binding of the SAML 2.0 identity provider (IdP)-initiated loginflow, and not the service provider (SP)-initiated login flow

1. On the Administration page, go to User Management > Identity Providers > SAML.
2. Click Get Started.

3. Enter an Entity ID and a Service Name, and then click Next.

   The entity ID must be a globally unique name.

4. Select a certificate option, and then click Next. You can import a certificate and private key, create a new self-signed certificate or continue to use Deep Security's current certificate.

Import a Certificate and Private Key

1. Click Choose File and open the PKCS #12 keystore file containing your certificate.
2. Enter the password for the keystore.

3. Click Next.

   You will be shown a summary of your certificate details.

4. Click Finish.

Generate a new self-signed server certificate

1. Enter the following details for your certificate:
   • Common Name (CN)
   • Organization (O)
   • Organizational Unit (OU)
   • Email Address (E)

2. Click Next.

   You will be shown a summary of your certificate details.

3. Click Finish.

Keep the current Server Certificate

• Click Next, and then click Finish.

Deep Security is now set up as a SAML service provider, and you can continue to Getting started with SAML single sign-on.