Recommended deployment guidelines for IPSEC with SAML to make sure authentication is automatically completed at logon without manual user interaction.

Cloud SWG
IPSec
WSS Agent
SAML authentication

When deploying IPSEC with SAML authentication, the following best practices are recommended to ensure a seamless and secure user experience:

• Laptops (Roaming/Remote Devices)
• All laptops should have the WSS agent deployed.
• The agent must remain active both inside and outside the organizational network.
• This ensures consistent policy enforcement, secure authentication flows, and minimal disruption for mobile users.
  
  
• Static Workstations (On-Premises Only Devices)
• For fixed desktops and on-premises workstations, deploy a logon script as part of the Windows startup/login process.
• This script should automatically launch a background browser session to trigger SAML authentication.
• This guarantees that authentication is completed at logon without requiring manual user action, maintaining compliance and reducing helpdesk tickets.