Cisco Umbrella SAML Integration for Ping Identity – Overview
This article covers configuring Cisco Umbrella to integrate with Ping Identity for single sign-on (SSO) with SAML. To enable SAML for Cisco Umbrella, you must first add the Ping Identity application for Umbrella to your organization, then follow the step-by-step wizard in Umbrella to complete the process. For more information on how SAML integration works with Umbrella, read our overview here.
- In Umbrella, navigate to Settings > Authentication.
- Click SAML in the table to expand it.
- Select Ping Identity from the list of providers and click Next.
- From the Instructions tab, follow the instructions as listed. You'll be asked to provide the provider metadata.
- To configure Ping Identity for Umbrella to gather the metadata, log into your Ping Identity dashboard as the user you want to configure for Umbrella and go to the Admin tab. It's very important that you log into both dashboards with the same user (email address), or these steps will likely fail.
- Click Add Application, then Search Application Catalog.
- Search for OpenDNS and select the OpenDNS application with the type SAML.
- Select the defaults for setup steps 1 through 4, except change opendns.com to umbrella.com (for example, https://login.umbrella.com/sso). Verify the attribute mapping, then click Save & Publish.
- At Step 5 - Review, click Download next to SAML Metadata and save the pingone-metadata-idp.xml file.
- Ensure all users that will need to log in to your Umbrella dashboard now or in the future have the OpenDNS application assigned to their Ping account. All users must have access to the OpenDNS application or they will not be able to log in. Save the configuration.
- Once you've completed the application setup, return to Umbrella, navigate to Settings > Authentication, and proceed to step 3, Upload Metadata.
- Click Choose File, select the metadata file you downloaded from Ping Identity, and click Next.
- Click Test Your SAML Configuration.
- Enter the Umbrella email for your currently logged-in user that was added to the Ping Identity application. The email must exactly match the email that's used to log in to the Umbrella dashboard. After the test completes, a success message should be shown.
From that point forward, all authentication to the Umbrella dashboard for all users in your organization will be handled by Ping Identity.