Configuring Azure Active Directory Integration with SAML
Azure Active Directory (Azure AD) is a universal platform designed to protect and manage access to identities. The Azure AD service provides SSO access to apps and services from anywhere.
Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IdP service provides your users with a unified sign-on across all their enterprise cloud applications. Acunetix 360 supports both SAML methods: IdP-initiated and SP-initiated.
You can also create a new user in Acunetix 360 with the Enable Auto Provisioning option.
You have to use IdP-initiated SSO if you want to utilize Auto Provisioning.
If you use SP-initiated SSO, set the Name ID Format value to email address on the IdP side.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields in the Azure Single Sign-On window.
| Field | Description |
| --- | --- |
| | Select this option to enable the single sign-on feature. |
| Enforce to authenticate only with single sign-on | Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Acunetix 360 by using the email address that belongs to their employer. |
| IdP Identifier | This is the SAML identity provider’s Identifier value. |
| SAML 2.0 Service URL | This is the Consumer URL value (also called the SSO Endpoint or Recipient URL). |
| SAML 2.0 Endpoint | This is the URL from your IdP's SSO Endpoint field. |
| X.509 Certificate | This is the X.509 certificate value. |
| Enable Auto Provisioning | Enable this option so that an account will be automatically created for IdP registered users when they first access Acunetix 360. If you enable this option for user creation in Acunetix 360, you must complete the FirstName, LastName, and Phone Number (optional) fields in the Attribute Statements on the IdP side. This means a new team member can log in to Acunetix 360 with the View Scan Report permission. Admins can add permissions after this. |
| Require SAML assertions to be encrypted | Enable this option to prevent third parties from reading private data in transit from assertions. There are two options: |
| Use Alternate Login Email | Enable this option to allow users to use an alternative email address for SSO. After you enable this, you can enter an alternative email in the New Member window and while editing the user's details in the Team window. |
How to Add Acunetix 360 to Azure Active Directory
- Log in to the Azure Portal.
- On the left navigation pane, select the Azure Active Directory service.
- Select Enterprise applications, then All Applications.
- Select + New Application.
- In the Browse Azure AD Gallery (Preview) window, type Acunetix 360 in the search box.
- Select Acunetix 360 from the results panel.
- Select Create to add the application.
Wait a few seconds while the app is added to your tenant.
You can now configure Azure Active Directory Single Sign-On Integration with SAML. To do this, you need an Acunetix 360 account and an Azure account.
How to Configure Azure Active Directory Single Sign-On Integration with SAML
1. Log in to the Azure Portal.
2. From the All Applications window, select Acunetix 360.
3. Select Set up Single Sign-On > SAML.
4. Click the pencil icon for Basic SAML Configuration to edit the settings.
5. Log in to Acunetix 360, and from the main menu, select Settings > Single Sign-On. Select Azure Active Directory from the drop-down list. Copy the URL from the SAML 2.0 Service URL field.
6. In Azure Active Directory, paste this URL into the Reply URL field.
7. Select Save.
8. In Azure Active Directory, copy the URL from the Azure AD Identifier field and paste this URL into the IdP Identifier field in Acunetix 360.
9. In Azure Active Directory, copy the URL from the Login URL field and paste this URL into the SAML 2.0 Endpoint field.
10. In Azure Active Directory, download the Certificate (Base64). Open the certificate with a text editor.
11. Copy its contents into the X.509 Certificate field in Acunetix 360. (The certificate becomes available once you successfully save the Basic SAML Configuration as described in steps 5, 6, and 7.)
12. Check Enable Auto Provisioning, Require SAML assertions to be encrypted, and Use Alternate Login Email as required.
13. Select Save Changes.
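After saving, a test sign-in can be checked against the requirements stated above: email-address Name ID Format for SP-initiated SSO, FirstName and LastName attributes for Auto Provisioning, and an encrypted assertion when that option is enabled. The following is an added example, not Acunetix 360 or Microsoft code; it inspects a decoded SAML Response captured from your own browser session and does not verify signatures. The function name, the exact attribute `Name` values and the sample response are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("FirstName", "LastName")  # assumed attribute names; Phone Number is optional


def check_response(xml_text, sp_initiated=False, auto_provisioning=False,
                   require_encryption=False):
    """Return findings for a decoded SAML Response; an empty list means OK."""
    root = ET.fromstring(xml_text)
    findings = []
    encrypted = root.find("saml:EncryptedAssertion", NS)
    assertion = root.find("saml:Assertion", NS)
    if require_encryption and encrypted is None:
        findings.append("assertion is not encrypted")
    if assertion is None:
        # An EncryptedAssertion cannot be inspected without the SP's private key.
        if encrypted is None:
            findings.append("no assertion found")
        return findings
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if sp_initiated and (name_id is None or name_id.get("Format") != EMAIL_FORMAT):
        findings.append("NameID Format is not emailAddress")
    if auto_provisioning:
        names = {a.get("Name") for a in
                 assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
        findings += [f"missing attribute {n}" for n in REQUIRED_ATTRS if n not in names]
    return findings


# Constructed, trimmed sample: unencrypted, persistent NameID, no LastName attribute.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">abc123</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, sp_initiated=True, require_encryption=True))
    print(check_response(SAMPLE, auto_provisioning=True))
```

If your IdP emits claim names as full URIs rather than short names, adjust `REQUIRED_ATTRS` to match what the Attribute Statements actually contain.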
For further information, see instructions available on Microsoft.