Configuring SAML-Based Single Sign-On Integration
SAML (Security Assertion Markup Language) is a security language designed for exchanging authentication information between the user, the identity provider and the service provider. SAML provides a standard for interoperability in identity management systems and technologies so that SSO can be extended across security domains.
Setup instructions may vary by the identity provider (IdP). Acunetix 360 supports the SAML methods both IdP initiated and SP initiated. You can also create a new user in Acunetix 360 with the Enable Auto Provisioning option.
You have to use IdP-initiated SSO if you want to utilize Auto Provisioning.
If you will use SP-initiated SSO, please set the Name ID Format value to email address on the IdP side.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields in the Configure Single Sign-On window.
Select this option to enable the single sign-on feature.
Enforce to authenticate only with single sign-on
Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Acunetix 360 by using the email address that belongs to their employer.
This is the SAML identity provider’s Identifier value.
SAML 2.0 Service URL
This is the Consumer URL value (also called the SSO Endpoint or Recipient URL).
SAML 2.0 Endpoint
This is the URL from your IdP's SSO Endpoint field.
This is the X.509 certificate value.
How to Configure SAML-Based Single Sign-On Integration
- Log in to Acunetix 360.
- From the main menu, select Settings > Single Sign-On.
- Select the SAMLv2.0 tab.
- If your IdP (Identity Provider) requires you to specify a SAML Identifier for Acunetix 360 (it may also be referred to as the Audience or Target URL), use the value of the Identifier field.
- If your IdP requires you to specify Consumer URL (it may also be referred to as the SSO Endpoint or Recipient URL), use the value of the SAML 2.0 Service URL field.
- Retrieve the URL from your IdP's IdP Identifier field and paste it into Acunetix 360’s IdP Identifier field.
- Retrieve the URL from your IdP's SSO Endpoint field and paste it into Acunetix 360’s SAML 2.0 Endpoint field.
- Export your X.509 certificate, copy its content and paste the certificate value into Acunetix 360’s X.509 Certificate field.
- If Enable Auto Provisioning is enabled, you should enter the FirstName, LastName, and Phone Number (optional) fields in the Attribute Statements (Mapping). For further information about OnlySsoLogin, see Provisioning a member.
- If Require SAML assertions to be encrypted is enabled, you can select I have an existing certificate to import a decryption certificate from your files.
- Enable the Use Alternate Login Email, if required. If enabled, this lets users use alternative email for SSO. So, you can enter an alternative email on the New Member Invitation page and while editing the user's details on the Team page.
- Select Save Changes.