The Blog

Olfeo SaaS: the promise of a cybersecurity solution ready in 1 hour

May 2, 2023

When it comes to protecting your business against web threats, installation time and complexity are often key factors.

That's why Olfeo Saas is so easy to use for companies looking for comprehensive web protection. In fact, Olfeo Saas can be activated in less than an hour, and its functional protection means you can quickly secure your workstations against online threats.

Unrealistic promise or technical reality? See for yourself!

What is Olfeo SaaS?

Olfeo SaaS is a web security gateway in the cloud, marketed as a Service.

As such, it filters HTTP and HTTPS requests submitted by your users via a Station Agent installed on their workstations, according to the routing rules you set up. To do this, Olfeo SaaS authenticates the requests, decrypts them and applies the appropriate filtering rules you have set up. Olfeo SaaS then analyzes the responses received from the requested server before encrypting and retransmitting the request to the user.

Ready to use in less than an hour: the steps to follow!

To be ready to use Olfeo Saas, in brief, you will need to follow the following steps:

  1. Activate your customer account and create your first administrator account
  2. Synchronize your directory and set up authentication with your IDP
  3. Implement basic filtering policies and the Trust-Centric approach
  4. Finalize the creation of a Station Agent configuration
  5. Install Station Agent and browse protected

Ready to go? Let's get started!

Create and activate your account

As an administrator, the first step is to create and activate your Olfeo administrator account.

  1. To do this, go to the Olfeo SaaS login page and follow the initial connection process (you'll need your license login and password).

AttentionIf you don't receive the invitation and confirmation e-mails, check your junk mail and anti-spam folder. Some anti-spam software can insert content into e-mail links to prevent phishing.

  1. You will then need to reset your password from the login page.
  2. Once your password has been initialized, you can connect to the Olfeo SaaS administration interface.

Congratulations: your account is now active!

Now it's time to configure your Olfeo SaaS solution: the first thing to do is connect your corporate directory.

Link your corporate directory to Olfeo SaaS

Configuring Olfeo SaaS with your corporate directory enables you to synchronize and authenticate your employees in a simple, scalable way, taking into account user groups and/or organizational units already listed. Directory configuration enables you to deploy Olfeo SaaS throughout your organization.

Olfeo SaaS can synchronize with the following directories: Azure AD (based on the Microsoft cloud) and Active Directory. For this tutorial, we'll look at the connection with Azure AD.

Prerequisite: a Microsoft Azure account (the free plan is sufficient) with administrator access to install an enterprise application.

Creating a directory in Olfeo SaaS

  1. Go to Configuration > Directories and let us guide you through the creation of an "Azure" directory.
  2. Then click on the Synchronization tab of your directory: here you'll find the information you need to set up provisioning from Azure AD - Keep this tab open, as you'll need the information to set up provisioning in Azure.

Add the Olfeo SaaS application from the Azure AD application gallery

To configure Azure AD with Olfeo SaaS, you need to add the Olfeo SaaS application to your list of enterprise applications managed by your Azure AD: it will be responsible for synchronizing groups and users, as well as authenticating your users (via SAML).


The Olfeo SaaS application is available in the Azure AD application gallery.

  1. Log in to the Azure administration portal, then go to Azure Active Directory
  2. From the side navigation bar, go to "Enterprise applications" and add the Olfeo SaaS application (enter "Olfeo" in the Azure catalog search engine).


Configure automatic provisioning

  1. In your new Olfeo SaaS application, go to the Procurement tab and click on Start to launch the settings.
  2. Choose the Automatic provisioning mode and copy/paste the Tenant URL and Secret Token into the corresponding fields (you'll find the Tenant URL and Token in the "Synchronization" tab of your Olfeo SaaS directory).
  3. Click on "Test connection" to check that Azure AD can connect to Olfeo SaaS. A confirmation message appears. Click on "Save".
  4. Then make sure you activate the provisioning service and set the scope to "All users/groups" (this setting can be changed later).
  5. Click on Save to launch the initial supply cycle.

Note: This operation starts the initial synchronization of all users and/or groups defined in the Extended parameter. Initial synchronization takes longer than subsequent synchronizations, which occur approximately every 40 minutes as long as the Azure AD provisioning service is active.

Tip: you can force a user's provisioning to be synchronized without waiting for the provisioning cycle to complete. 😊

Configuring authentication via SAML

Authentication is a system for validating identity by verifying a user's authenticity. The Olfeo SaaS solution uses the SAML protocol to manage the unique authentication of users against your IDP (in this case, Azure AD).


To configure SAML single sign-on, follow these steps :

  1. In Olfeo SaaS, display the "Authentication" tab of your directory.
  2. Choose SAML from the drop-down list of authentication methods.
  3. Click on Activate to generate and display the Olfeo SaaS metadata required to configure SAML authentication.
  4. Copy and paste Olfeo SaaS metadata one by one into Microsoft Azure AD :
    • From your Microsoft Azure interface, go to Enterprise applications > All applications > Olfeo SaaS (or Olfeo) > Olfeo SaaS tab.
    • Select the SAML single sign-on method.
    • In section 1- SAML basic configuration, click on Modify.
    • Paste Olfeo SaaS metadata into the corresponding fields.
    • Click on Save.
  5. Next, copy the URL of the metadata generated by Azure AD for your Olfeo SaaS application - this is shown a little further down in the SAML configuration interface.
  6. Then return to the Olfeo SaaS directory configuration page on the Authentication view.
  7. In the Supplier metadata field, click Edit to paste the metadata URL provided by Microsoft Azure AD.
  8. Click Update to save the data entered.

Congratulations! You're protected by Olfeo SaaS!


Once all the configuration steps have been completed, your Olfeo SaaS solution is ready to protect your web traffic.

In less than an hour, a promise kept.