Manually Configure a SAML Identity Provider Through the Common Services

1. Use one of the various ways to access Common ServicesIdentity & Access.
2. Manually configure a SAML provider from Common ServicesIdentity & AccessIdentity Federations.

3. Select Configure Identity Provider.

4. Select Enter ManuallyNext.
5. Go to your identity provider’s console, download the certificate, and take note of all the provider’s details. The console details look similar to the following, but all providers are slightly different.

6. In your identity provider’s console, set up the Attribute Statements for firstName of user.firstName, lastName of user.lastName, and email of user.email. Without them, you will only see a blank name in the hub or Strata Cloud Manager. The console details look similar to the following, but all providers are slightly different.

7. Upload Certificate for your identity provider certificate. Use .crt files only.
8. Enter your Identity Provider ID.
9. Enter your Identity Provider SSO URL.
10. Select Next.
11. The Configure Identity Provider button is replaced with the Login URL that you configured. The Login URL is how Palo Alto Networks knows where to send the user when they log in. This is disabled by default. Select ActionsEnable.