SSO Configuration

The tables below cover the main requirements for configuration in the 7.6.0 release.


  1. Log in to the Web Console with an appropriate administrative login.

    This login will require two RBAC permissions: Manage User Profiles and Single Sign-On Management.


  2. In the upper-right corner, click the Administration drop-down icon, then click Single Sign-On.
    The Single Sign-On Configuration menu appears.

    This drop-down menu is not visible by default and requires a new RBAC permission, Single Sign-On Management, that can be granted in the User Profile Manager.


  3. Enter the following parameters:

    | Field | Description |
    | --- | --- |
    | Single Sign-On Enabled | Enables SSO. |
    | Web Console Callback URL | Sometimes called the SSO URL or Assertion Consumer Service (ACS) endpoint. Identifies the location of the Web Console Server, with /SAML appended. This endpoint must be accessible from the browser that is logging into the Web Console. |
    | Web Console Identifier (Entity ID) | Also known as Audience URI. Identifies the intended target of the SAML assertion sent by the Identity Provider. This value must match the corresponding value specified in your Identity Provider application. |
    | IdP Entry Point | Sometimes called the SSO URL or Assertion Consumer Service (ACS) endpoint. Identifies the intended target of SAML requests sent from the browser to the IdP. This value and the Web Console Callback URL operate as a pair and define the communication pathway between the Service Provider (the Web Console) and the Identity Provider (the SSO vendor). |
    | IdP Certificate | Also known as X.509 Certificate. Verifies the digital signature in the SAML assertion (or assertion and response) to ensure that only your IdP generated the response message. |
    | Default User Profile | The SIEM profile that a new user is assigned during SSO Automatic User Provisioning. If this drop-down menu is empty, ensure that the logged-in user has the RBAC permission Manage User Profiles. |




Web Console SAML Application Attribute Mapping from IdP User Profile Attributes

| Web Console | Okta | PingOne for Customers | Azure AD | PingOne for Enterprise |
| --- | --- | --- | --- | --- |
| NameID | user.email | Username | user.UserPrincipalName | Username |
| firstName | user.firstName | Given Name | user.givenname | First Name |
| lastName | user.lastName | Family Name | user.surname | Last Name |
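The following added example (not product code) shows what the Web Console must do with an assertion once the IdP Certificate has verified its signature: confirm the Audience matches the configured Entity ID from the parameters table, then apply the attribute mapping above (NameID, firstName, lastName) to build the record that Automatic User Provisioning needs. The Entity ID value and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Assumed value entered as "Web Console Identifier (Entity ID)" on the Web Console.
WEB_CONSOLE_ENTITY_ID = "https://webconsole.example.test/SAML"

# Constructed sample response; in production the signature is checked against
# the IdP Certificate before any of this parsing is trusted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://webconsole.example.test/SAML</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Liddell</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def provision_user_from_response(xml_text, expected_entity_id):
    """Apply the Web Console attribute mapping (NameID, firstName, lastName) to a
    SAML response, rejecting assertions whose Audience is not our Entity ID."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no Assertion")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_entity_id not in audiences:
        # An Entity ID / Audience mismatch is the usual misconfiguration of this field.
        raise ValueError(f"audience {audiences} does not match {expected_entity_id}")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion has no NameID to use as username")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    missing = [k for k in ("firstName", "lastName") if not attrs.get(k)]
    if missing:
        raise ValueError(f"IdP did not send required attributes: {missing}")
    return {"username": name_id, "firstName": attrs["firstName"], "lastName": attrs["lastName"]}
```

If the IdP attribute names differ from the mapping table (for example an unmapped Given Name), the missing-attribute error is what surfaces the gap rather than a silently half-provisioned profile.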