Certificates for SAML Authentication

Cisco Secure Access integrates with various Security Assertion Markup Language (SAML) identity providers (IdPs) that authenticate users. When a user requests a resource, Secure Access verifies the identity of the user through a trusted exchange with the integrated IdP and authorizes the user to get the resource. Users on devices must authenticate with Secure Access before connecting to private or web resources. The Secure Access services—Zero Trust (ZT), secure web gateway (SWG), and virtual private networks (VPNs)—must trust the connections from users and devices.

To set up a trust relationship between Secure Access (service provider) and a SAML IdP, an administrator imports the SAML IdP XML Metadata into Secure Access, and then uploads the Secure Access XML Metadata to the SAML IdP's platform. The administrator adds the service provider's certificates to the IdP platform's trust store.

After you integrate a SAML IdP with Secure Access, you can manage the certificates in Secure Access for both the service provider (Secure Access) and your organization's IdPs. Secure Access lists a certificate's subject name, serial number, and expiration date and displays notifications about certificates that may expire.
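
Before metadata is exchanged as described above, it helps to confirm which certificates a metadata file actually carries. The following is an added example, not Cisco code or part of Secure Access: it lists each certificate in a SAML metadata document with its declared use and SHA-256 fingerprint. The function name `list_metadata_certs`, the entity ID, and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for DER certificates.
SIGNING_DER = b"constructed-signing-certificate"
SHARED_DER = b"constructed-shared-certificate"

def _b64(data):
    return base64.b64encode(data).decode()

# Constructed sample IdP metadata (entityID is a placeholder).
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {_b64(SIGNING_DER)}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(SHARED_DER)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def list_metadata_certs(xml_text):
    """Return (entityID, [(use, sha256_hex), ...]) for a SAML metadata file."""
    # Refuse DTDs and entity declarations before handing text to the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata with DTD or entity declarations refused")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected a single md:EntityDescriptor root")
    certs = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to signing and encryption.
        use = kd.get("use", "signing+encryption")
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            # Base64 in metadata is often line-wrapped; strip whitespace first.
            b64 = "".join((node.text or "").split())
            der = base64.b64decode(b64, validate=True)
            certs.append((use, hashlib.sha256(der).hexdigest()))
    return root.get("entityID"), certs
```

Comparing the printed fingerprints with values obtained from the IdP administrator out of band confirms that the metadata file was not altered in transit.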
