Integrate Fastly

Log in to Fastly. The Fastly Home page appears.

Click your login account profile in the top-right and select Account from the drop-down list. The Company Settings page appears.

Click Single Sign-on from the left pane of the menu. The Single sign-on page appears.

Click Add SAML Configuration. The Set up single sign-on page appears.

Open a text editor such as Notepad, and copy and save the following.

Assertion Consumer Service URI

Audience URI (SP Entity ID)

Leave this window and page open. You return to it in Step 5: Configure Fastly for Identity as a Service authentication.

Add Fastly as an application to Identity as a Service

Log into your Identity as a Service administrator account.

Click > Security > Applications. The Applications Lists page appears.

Click Add. The Select an Application Template page appears.

Do one of the following:

Select SAML Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

Click Fastly. The Add Fastly page appears.

Enter an Application Name.

Enter an Application Description.

Optional. Add a custom application logo.

Click next to Application Logo. The Upload Logo dialog box appears.

Click  to select an image file to upload.

Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.

If required, resize your image.

Click OK.

Select the Authentication Flow that appears to users during login.

Click Next. The General page appears.

In the Default Assertion Consumer Service URL, enter the Assertion Consumer Service URL you copied in Step 1: Obtain the Assertion Consumer Service URL and Entity ID from Fastly.

In the Service Provider Entity ID field, enter the Entity ID you copied in Step 1: Obtain the Assertion Consumer Service URL and Entity ID from Fastly.

Enter the SAML Session Timeout to the time when the SAML Assertion times out. The maximum is 720 minutes.

Enter the Max Authentication Age (seconds) to set the maximum amount of time that can elapse before a user is required to reauthenticate during a new login attempt. This applies for both SP-initiated and IDP-initiated login. Set this field to -1 to disable this feature.

From the SAML NameID Attribute drop-down list, select Email.

  From the SAML NameID Encoding Format drop-down list, select Email.

Select the SAML Signing Certificate.

Optional: Select Respond Immediately for Unsuccessful Responses to return to the application immediately after a login failure, rather than allow user to try again with a different userID.

Deselect Enable Go Back Button if you do not want users to be able to go back to the Fastly login page to log in.

Select Show Default Assertion Consumer URL Service in the My Profile. When selected, the Default Assertion Consumer URL appears in a user's My Profile page in addition to relay states and Alternative Assertion Consumer URLs.

Leave the remaining settings at the default values.

Click Submit.

Return to the Fastly page you left open in Step 1: Obtain the Assertion Consumer URL and Entity ID from Fastly.

Click Browse for the metadata file.

Select the metadata file you downloaded in Step 4: Download the metadata file from Identity as a Service.

If the Upload is not successful, open the XML metadata file with a text editor and remove the values cacheDuration="P0Y0M1DT0H0M0.000S.

After successful upload, click Save and enable SSO.

Test Identity as a Service redirect log in

Log in to your Identity as a Service account.

Go to your My Profile page if you are not already there.

Under Applications, click Fastly.

Respond to the second factor authentication challenge. If you respond successfully, you are logged in to Fastly.