It is now possible to bypass the SAML user identity challenge by domain or IP address.
Using SAML to obtain a user identity can sometimes cause incompatibilities with certain types of web requests. For example, non-browser applications or IoT (Internet of Things) device traffic may not be able to respond correctly to the SAML identity challenge. When the user identity cannot be obtained, the request is blocked. If the failure to respond correctly to a SAML challenge is known to be caused by an incompatibility, a SAML bypass can be added to prevent the SAML challenge in future.
Bypassing SAML for a destination means that the user identity will not be available to match against user-based policies. Other identity types, such as Network or Tunnel, will be used to match the web policy, and the request is allowed or blocked based on the policy outcome.
A new destination list type called 'SAML Bypass' is now available. The destination list can be added to a Ruleset by editing the SAML setting.
For more information on configuring a SAML bypass, please refer to the Umbrella documentation:
- Add a SAML Bypass Destination List: https://docs.umbrella.com/umbrella-user-guide/docs/add-a-saml-bypass-destination-list
- Add a Ruleset to the Web Policy: https://docs.umbrella.com/umbrella-user-guide/docs/add-a-rules-based-policy