Configuring SAML-Based Single Sign-On Integration
SAML (Security Assertion Markup Language) is a security language designed for exchanging authentication information between the user, the identity provider and the service provider. SAML provides a standard for interoperability in identity management systems and technologies so that SSO can be extended across security domains.
Setup instructions may vary by the identity provider (IdP). Acunetix 360 supports the SAML methods both IdP initiated and SP initiated. You can also create a new user in Acunetix 360 with the Enable Auto Provisioning option.
You have to use IdP-initiated SSO if you want to utilize Auto Provisioning.
If you will use SP-initiated SSO, please set the Name ID Format value to email address on the IdP side.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields in the Configure Single Sign-On window.
Select this option to enable the single sign-on feature.
Enforce to authenticate only with single sign-on
Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Acunetix 360 by using the email address that belongs to their employer.
This is the SAML identity provider’s Identifier value.
SAML 2.0 Service URL
This is the Consumer URL value (also called the SSO Endpoint or Recipient URL).
SAML 2.0 Endpoint
This is the URL from your IdP's SSO Endpoint field.
This is the X.509 certificate value.
Enable Auto Provisioning
Enable this option so that an account will be automatically created for IdP registered users when they first access Acunetix 360.
If you enable this option for user creation in Acunetix 360, you must complete the FirstName, LastName and Phone Number (optional) fields in the Attribute Statements on the IdP side.
This means a new team member can log in to Acunetix 360 with the View Scan Report permission. Admins can add permissions after this.
Require SAML assertions to be encrypted
Enable this option to prevent third parties from reading private data in transit from assertions.
There are two options:
Use Alternate Login Email
Enable to allow users to use alternative email for SSO.
After you enable this, you can enter an alternative email in the New Member window and while editing the user's details in the Team window.
How to Configure SAML-Based Single Sign-On Integration
- Log in to Acunetix 360.
- From the main menu, click Settings, then Single Sign-On. The Single Sign-On window is displayed.
- Select the SAMLv2.0 tab.
- If your IdP (Identity Provider) requires you to specify a SAML Identifier for Acunetix 360 (it may also be referred to as the Audience or Target URL), use the value of the Identifier field.
- If your IdP requires you to specify Consumer URL (it may also be referred to as the SSO Endpoint or Recipient URL), use the value of the SAML 2.0 Service URL field.
- Retrieve the URL from your IdP's IdP Identifier field and paste it into Acunetix 360’s IdP Identifier field.
- Retrieve the URL from your IdP's SSO Endpoint field and paste it into Acunetix 360’s SAML 2.0 Endpoint field.
- Export your X.509 certificate, copy its content and paste the certificate value into Acunetix 360’s X.509 Certificate field.
- If Enable Auto Provisioning is enabled, you should enter the FirstName, LastName, and Phone Number (optional) fields in the Attribute Statements (Mapping).
If Enable Auto Provisioning is enabled, a new team member is able to log in to Acunetix 360 with no user permissions, such as Start Scan.
- Click Save Changes.