How can I confirm if SAML for SWG has been configured in my Umbrella organization and check if the SWG SAML certificate requires an update?
How can I verify if my organization is configured to use SWG SAML?
In the Umbrella Dashboard, navigate to Deployments > Configuration > SAML Configuration. If the SWG SAML configuration has not been set up, you will see a page similar to the example below with the message: "You have not added SAML configurations yet."
If the SWG SAML configuration has already been set up, the SAML configuration will be displayed on the page, and the IdP name will be shown as the SAML provider. In the example below, Azure is configured as the IdP, with Azure displayed as the SAML provider.
How can I determine if I am validating the signing certificate and need to update the Umbrella SWG SAML certificate for Azure?
Note: For other IdPs, this step may be different or may not be an option at all. Please consult your IdP provider for detailed instructions.
Azure AD, acting as an Identity Provider (IdP), typically does not validate or check certificates from the Service Provider (SP) when performing SAML-based Single Sign-On; this validation is optional.
1. Log in to Azure AD and navigate to Azure Services > Enterprise Applications.
Locate the application you previously created for Umbrella SWG SAML (e.g., "Umbrella-SWG-SAML").
Note: The Identifier URI (Entity ID) for this app should be "saml.gateway.id.swg.umbrella.com".
2. Open the application, and in the left panel, navigate to Manage > Single sign-on.
3. In the SAML Certificates section, review the Verification Certificates (optional) part.
- If it shows "Required: No," it means Azure is not validating or checking certificates from the Service Provider (SP), which in this case is Umbrella SWG. Therefore, you do not need to update the Umbrella SWG SAML certificate.
- If it shows "Required: Yes," you can click on Edit and check the expiration date.
If the certificate needs to be updated, you can upload the new certificate by clicking on "Upload Certificate."
NOTE: DO NOT delete the existing certificate at this stage. It is still in use. The configuration MUST contain both current and new certificates.
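The expiration check and the keep-both rule above can also be run locally against the certificate files before anything is uploaded. The script below is an added example, not Cisco or Microsoft tooling; it assumes openssl is installed and that the current and new certificates are saved as PEM files, and the file names, the script name and the 30-day window are assumptions.

```shell
#!/bin/sh
# Added example: decide whether the verification certificate needs rotating.
# File names and the 30-day default window are assumptions, not article values.

# Succeeds if $1 parses as a PEM X.509 certificate.
readable() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1
}

# Succeeds if the certificate in $1 is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# SHA-256 fingerprint, used to tell the current and new certificates apart.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# rotation_status CURRENT.pem NEW.pem [WINDOW_DAYS]
# Prints: no-update-needed | upload-new-keep-both | new-cert-unsuitable | unreadable
rotation_status() {
    current=$1; new=$2; window=${3:-30}
    readable "$current" || { echo unreadable; return 2; }
    # Current certificate outlives the window: nothing to upload yet.
    if valid_for_days "$current" "$window"; then
        echo no-update-needed; return 0
    fi
    readable "$new" || { echo unreadable; return 2; }
    # The replacement must be a different certificate and must itself
    # outlive the window; the current one stays in the configuration.
    if [ "$(fingerprint "$current")" != "$(fingerprint "$new")" ] &&
       valid_for_days "$new" "$window"; then
        echo upload-new-keep-both
    else
        echo new-cert-unsuitable; return 1
    fi
}

# Usage (hypothetical script name): sh check_rotation.sh current.pem new.pem [days]
if [ "$#" -ge 2 ]; then rotation_status "$@"; fi
```

A result of upload-new-keep-both corresponds to the "Upload Certificate" step above, with the existing certificate left in place.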