Configure single sign-on for an SAML (Generic) IdP Provider
Configure single sign-on (SSO) so that any user in your organization can automatically log in to Incident Response.
Before you begin
Role required: Administrator
- Access your IdP Provider.
- Note the IdP Provider URL from your provider.
- Note the SSO Endpoint URL from your provider.
- Optional: Note the logout request endpoint URL from your provider to use for the IdP Logout URL field, if you are enabling Single Sign Out.
- Export the X.509 certificate using the PEM format.
- Log in to Incident Response.
- On the navigation pane, select Admin.
On the Single Sign-on, OAuth Identity form, select Set up and manage
Note: Only one authentication feature can be enabled at a time.
- Select Edit.
Fill in the SSO fields with the information you noted from your provider.
| Field | Description |
| --- | --- |
| IdP Issuer URI/Entity ID | Issuer URI of the Identity Provider. This value is usually the SAML Metadata EntityID of the IdP EntityDescriptor. |
| IdP Login URL | The binding-specific IdP Authentication Request Protocol endpoint that receives SAML AuthnRequest messages from Incident Response. |
| IdP Logout URL | [Hidden] Visible when Single Sign Out is enabled. This is the logout request endpoint URL for your IdP. |
| IdP Signature Certificate | The PEM encoded public key certificate of the Identity Provider used to verify SAML message and assertion signatures. Note: Be sure to include the BEGIN header and END footer with dashes. |
A certificate expiration date is generated after successfully adding the certificate.
- Optional: Enabled by default. Force password authentication enforces password-based authentication. Disabling it lets your IdP choose an appropriate authentication method, such as MFA or a security key.
To activate single sign out, select the Enable Single Sign Out toggle switch.
When enabled, it completes the user's IdP logout. Otherwise, the user is logged out of Incident Response only.
Use the Test connection button to make sure your
Test connection creates a popup with your results.
When the test succeeds, you can select Activate to enable SSO.
If the test fails, follow the instructions in the popup and select Close to continue editing.
Once you have successfully tested and activated your configuration, you're done. Your SSO configuration is enabled.
Note: To disable the configuration, move the Enable Single Sign In toggle switch back to the off position.