Secure Access Service Edge (SASE) is a network service that helps your enterprise secure all of its users' access to the Internet. It combines enterprise-class web security and identity services with the convenience and speed of cloud-delivered applications.
SASE – Single Sign-On
SASE single sign-on means that each user gets a single account for all of their Internet access, whatever application they use or site they visit. This saves time and money for enterprises and their employees, who no longer have to create a new account every time they start using a new application or website.
They have one account for everything: every application and website used in their daily work. This makes their lives easier, improves productivity and increases the security of the enterprise network.
SASE SAML 2.0
SAML 2.0 is an XML-based protocol that lets systems exchange user authentication and authorization data securely across networks. It allows a user to be authenticated once by an identity provider (IdP) and then use the same authentication details (called assertions) to access multiple services without re-authenticating at each service provider (SP).
The user logs into the identity provider with an existing authentication method, such as a username and password or a smart card, and then requests a set of authentication assertions from it. Other web service providers (the service providers) can use these assertions to authenticate the user without requiring a password from them. The assertions act like tokens: service providers accept them much as they would a password, but with additional security advantages.
SAML does not directly address user provisioning (creating, deleting and modifying users), but combined with other standards such as WS-Federation it can provide that functionality, as well as single sign-on between systems that support these protocols.
How do SASE – Single Sign-On & SAML 2.0 work?
Users can use the single sign-on (SSO) function in SASE to access all of their applications and information resources. When a user first logs into SASE, they are prompted for their login credentials: the same username and password they use to log into their enterprise network.
Once logged in, they are shown a list of available applications and resources. The user selects the ones they want to access and is authenticated automatically, then redirected to the selected application or resource, which detects their session. The application then invokes a component called an identity provider (IdP).
Through this component the user presents claims about who they are and which roles they hold within the enterprise network as SAML assertions, which the application then uses to determine what actions the user may perform within it.
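The two points above, that assertions are accepted by a service provider as password-like tokens and that the roles they carry decide what the user may do, both hinge on the service provider checking the assertion before trusting it. The following is an added example written for this page, not code from any SASE or SAML product: it parses a constructed SAML 2.0 assertion (hypothetical issuer, audience and user) and performs the service-provider-side checks on issuer, validity window and audience before extracting the subject and roles. It assumes the XML signature has already been verified by a proper library; that step is out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion; issuer, audience and user are hypothetical, not from a real IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_demo1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.example.test/sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>finance-reader</saml:AttributeValue>
      <saml:AttributeValue>employee</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Fixed "current time" (constructed) so the example is reproducible; it lies inside the window above.
DEMO_NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, expected_audience, now):
    """SP-side checks on an assertion whose XML signature has already been verified
    (signature verification needs xmlsec and is out of scope). Returns (subject, roles)."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:                       # only trust the configured IdP
        raise ValueError(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None: # refuse assertions that never expire
        raise ValueError("assertion carries no expiry")
    if now >= _utc(cond.get("NotOnOrAfter")) or (
            cond.get("NotBefore") and now < _utc(cond.get("NotBefore"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:               # token minted for another SP
        raise ValueError("assertion not intended for this service provider")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    roles = [v.text for v in root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)]
    return subject, roles
```

Calling `validate_assertion(SAMPLE_ASSERTION, "https://idp.example.test/saml", "https://app.example.test/sp", DEMO_NOW)` returns the subject and its roles; the same assertion presented to a different audience or after 12:05 UTC is rejected.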
SASE Delegation of Authentication
Users can authenticate with a username and password or with a smart card. The flow is then the same as for single sign-on: after logging in, they are shown the applications and resources available from their enterprise network, select the ones they want to access, are authenticated automatically and are redirected to the selected application or resource, which detects their session.
The application then invokes the identity provider (IdP) component, through which the user presents claims about who they are and which roles they hold within the enterprise network as SAML assertions; the application uses those assertions to determine what actions the user may perform within it.