Umbrella supports SAML configuration for end-user authentication. However, some identity providers (IdPs), such as Azure AD, do not support multiple instances of the Umbrella SAML app in the same Azure AD tenant. This is because Umbrella currently exposes a single SAML Service Provider Entity ID by default, and identity providers such as Azure AD allow only a single SAML configuration against each Service Provider Entity ID.
Umbrella customers can now generate an org-specific Service Provider Entity ID and use it to set up SAML for multiple orgs against a single identity provider.
Example use-cases include:
- Customers who wish to set up SAML for SWG with multiple orgs. For example, a customer uses the same Azure IdP account for SWG with the Umbrella MO console.
- Customers who wish to deploy 'Cisco+ Secure Connect' in a new org without affecting the production SWG org.
- Customers who wish to set up a 'test org' which uses the same IdP as their production org.
Note that this feature is not related to SAML for the Umbrella dashboard SSO login.
For more information on configuring this feature, refer to the Umbrella documentation at https://docs.umbrella.com/umbrella-user-guide/docs/configure-saml-for-multiple-entityids