SSO Configuration
The tables below cover the main requirements for configuration in the 7.6.0 release.
Log in to the Web Console with an appropriate administrative login.
This login will require two RBAC permissions: Manage User Profiles and Single Sign-On Management.
In the upper-right corner, click the Administration drop-down icon, then click Single Sign-On.
The Single Sign-On Configuration menu appears. This drop-down menu is not visible by default; it requires the RBAC permission Single Sign-On Management, which can be granted in the User Profile Manager.
Enter the following parameters:
| Field | Description |
|---|---|
| Single Sign-On Enabled | Enables SSO. |
| Web Console Callback URL | Sometimes called the SSO URL or the Assertion Consumer Service (ACS) endpoint. Identifies the location of the Web Console Server, with forward slash SAML (/SAML) appended. This endpoint must be reachable from the browser that is logging in to the Web Console. |
| Web Console Identifier (Entity ID) | Also known as the Audience URI. Identifies the intended recipient of the SAML assertion sent by the Identity Provider. This value must match the corresponding value configured in your Identity Provider application. |
| IdP Entry Point | Sometimes called the IdP SSO URL or the IdP's Single Sign-On Service (SingleSignOnService) endpoint; it is not the ACS endpoint, which belongs to the Web Console side. Identifies the intended target of the SAML authentication requests sent from the browser to the IdP. This value and the Web Console Callback URL operate as a pair and define the communication pathway between the Service Provider (the Web Console) and the Identity Provider (the SSO vendor). |
| IdP Certificate | Also known as the X.509 certificate. Used to verify the digital signature on the SAML assertion (or on the assertion and the response) so that only a response generated by your IdP is accepted. |
| Default User Profile | The SIEM profile assigned to a new user during SSO Automatic User Provisioning. If this drop-down menu is empty, ensure that the logged-in user has the RBAC permission Manage User Profiles. |
Web Console SAML Application Attribute Mapping from IdP User Profile Attributes
Web Console | Okta | PingOne for Customers | Azure AD | PingOne for Enterprise |
---|---|---|---|---|
NameID | user.email | Username | user.UserPrincipalName | Username |
firstName | user.firstName | Given Name | user.givenname | First Name |
lastName | user.lastName | Family Name | user.surname | Last Name |
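The following script is an added example written for this page; it is not LogRhythm code and does not show how the Web Console itself processes a login. It makes the field pairing above concrete: it reads the IdP Entry Point and IdP Certificate out of IdP metadata, then checks a SAML Response against the configured Callback URL (Destination and Recipient), Entity ID (Audience) and IdP (Issuer), and extracts the NameID, firstName and lastName attributes the Web Console maps. All URLs, entity IDs, timestamps and both XML documents are constructed for illustration. It uses only the standard library and therefore does NOT verify the XML signature; in the product that check is done with the configured IdP Certificate, and this script only insists that a Signature element is present.

```python
"""Added example (not LogRhythm code): check a SAML Response against the Web
Console SSO settings above, using only the standard library. It validates the
addressing fields (Destination/Recipient vs. Callback URL, Audience vs. Entity
ID, Issuer vs. IdP) and returns NameID/firstName/lastName. It does NOT
cryptographically verify the XML signature; the Web Console does that."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NOW = datetime(2024, 1, 1, 0, 0, 30, tzinfo=timezone.utc)   # constructed "current time"

# Constructed IdP metadata (assumed URLs; the certificate is a placeholder, not a real cert).
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   MIIC-CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERT
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://idp.example.com/saml/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed Response addressed to the Web Console; the ds:Signature element is a placeholder.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="https://webconsole.example.com/SAML">
 <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">analyst@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://webconsole.example.com/SAML" NotOnOrAfter="2024-01-01T00:05:00Z"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://webconsole.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""


def callback_url(web_console_base_url: str) -> str:
    """Web Console Callback URL (ACS endpoint): the Web Console URL with /SAML appended."""
    return web_console_base_url.rstrip("/") + "/SAML"


def idp_settings_from_metadata(metadata_xml: str) -> dict:
    """Read the IdP Entry Point and IdP Certificate values from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    sso = [e for e in root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS)
           if e.get("Binding") == HTTP_POST]
    certs = [k.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             for k in root.iterfind("md:IDPSSODescriptor/md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    if not sso or not certs or certs[0] is None:
        raise ValueError("metadata lacks an HTTP-POST SSO endpoint or a signing certificate")
    return {"entity_id": root.get("entityID"), "entry_point": sso[0].get("Location"),
            "certificate": "".join(certs[0].text.split())}   # base64 DER with whitespace removed


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text: str, acs_url: str, sp_entity_id: str, idp_entity_id: str,
                   now: datetime) -> dict:
    """Reject a Response whose addressing does not match the configured Callback URL /
    Entity ID pair, then return the attributes the Web Console maps for provisioning."""
    resp = ET.fromstring(xml_text)
    status = resp.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    if resp.get("Destination") != acs_url:
        raise ValueError("Destination is not the Web Console Callback URL")
    a = resp.find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no plaintext Assertion (EncryptedAssertion is not handled here)")
    for issuer in (resp.find("saml:Issuer", NS), a.find("saml:Issuer", NS)):
        if issuer is None or issuer.text.strip() != idp_entity_id:
            raise ValueError("Issuer is not the configured IdP")
    if resp.find("ds:Signature", NS) is None and a.find("ds:Signature", NS) is None:
        raise ValueError("neither Response nor Assertion carries a Signature")   # presence only
    aud = a.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or aud.text.strip() != sp_entity_id:
        raise ValueError("Audience does not match the Web Console Identifier (Entity ID)")
    cond = a.find("saml:Conditions", NS)
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("Assertion is outside its validity window")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or now >= _ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation is not for this Callback URL, or has expired")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text.strip():
        raise ValueError("Assertion has no NameID to provision a user from")
    attrs = {x.get("Name"): x.findtext("saml:AttributeValue", default="", namespaces=NS)
             for x in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return {"NameID": name_id.text.strip(),
            "firstName": attrs.get("firstName", ""), "lastName": attrs.get("lastName", "")}


if __name__ == "__main__":
    idp = idp_settings_from_metadata(IDP_METADATA)
    print("IdP Entry Point:", idp["entry_point"])
    print(check_response(SAML_RESPONSE, callback_url("https://webconsole.example.com"),
                         "https://webconsole.example.com", idp["entity_id"], NOW))
```

Swapping the Entity ID or Callback URL argument for any other value makes check_response raise, which is the behaviour to expect from the Web Console when the values entered in the table and in the IdP application drift apart.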