https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198162#M2013 <P>Hello,</P><P>I am configuring SAML SSO in Umbrella portal.</P><P>In the portal the metadata to add to my IDP uses EntityID&nbsp;"<A href="https://login.umbrella.com/sso" target="_blank" rel="noopener">https://login.umbrella.com/sso</A>"</P><P>This works correctly when I test my SSO configuration.</P><P>But when I update my IDP to use the&nbsp;Umbrella metadata URL&nbsp;<A href="https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Metadata.xml" target="_blank" rel="noopener">https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Metadata.xml</A>&nbsp;the EntityID in that metadata is&nbsp;"saml.gateway.id.swg.umbrella.com" and SSO breaks after an update.</P><P>Running a SAML trace I can see in the samlp AuthRequest that the&nbsp;<SPAN>AssertionConsumerServiceURL is&nbsp;"<A href="https://login.umbrella.com/sso" target="_blank" rel="noopener">https://login.umbrella.com/sso</A>" which does not match the EntityID in the metadata URL.</SPAN></P><P>Has anyone gotten SSO to work correctly when using the&nbsp;<SPAN>Umbrella Fixed Metadata URL?</SPAN></P><P><SPAN><A href="https://docs.umbrella.com/umbrella-user-guide/docs/saml-certificate-renewal-options" target="_blank" rel="noopener">https://docs.umbrella.com/umbrella-user-guide/docs/saml-certificate-renewal-options</A></SPAN></P><P>&nbsp;</P> Tue, 24 Sep 2024 14:01:35 GMT nickp214 2024-09-24T14:01:35Z https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198162#M2013 <P>Hello,</P><P>I am configuring SAML SSO in Umbrella portal.</P><P>In the portal the metadata to add to my IDP uses EntityID&nbsp;"<A href="https://login.umbrella.com/sso" target="_blank" rel="noopener">https://login.umbrella.com/sso</A>"</P><P>This works correctly when I test my SSO configuration.</P><P>But when I update my IDP to use the&nbsp;Umbrella metadata URL&nbsp;<A href="https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Metadata.xml" target="_blank" rel="noopener">https://api.umbrella.com/admin/v2/samlsp/certificates/Cisco_Umbrella_SP_Metadata.xml</A>&nbsp;the EntityID in that metadata is&nbsp;"saml.gateway.id.swg.umbrella.com" and SSO breaks after an update.</P><P>Running a SAML trace I can see in the samlp AuthRequest that the&nbsp;<SPAN>AssertionConsumerServiceURL is&nbsp;"<A href="https://login.umbrella.com/sso" target="_blank" rel="noopener">https://login.umbrella.com/sso</A>" which does not match the EntityID in the metadata URL.</SPAN></P><P>Has anyone gotten SSO to work correctly when using the&nbsp;<SPAN>Umbrella Fixed Metadata URL?</SPAN></P><P><SPAN><A href="https://docs.umbrella.com/umbrella-user-guide/docs/saml-certificate-renewal-options" target="_blank" rel="noopener">https://docs.umbrella.com/umbrella-user-guide/docs/saml-certificate-renewal-options</A></SPAN></P><P>&nbsp;</P> Tue, 24 Sep 2024 14:01:35 GMT https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198162#M2013 nickp214 2024-09-24T14:01:35Z https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198187#M2014 SSO for users? Or just the management?<BR /><BR /> Tue, 24 Sep 2024 14:36:40 GMT https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198187#M2014 Ken Stieers 2024-09-24T14:36:40Z https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198189#M2015 <P>Just Management</P> Tue, 24 Sep 2024 14:37:56 GMT https://community.cisco.com/t5/cloud-security/umbrella-sso-entityid/m-p/5198189#M2015 nickp214 2024-09-24T14:37:56Z