Azure Active Directory (Azure AD) is a universal platform designed to protect and manage access to identities. The Azure AD service provides SSO access to apps and services from anywhere.
Using Security Assertion Markup Language (SAML), a user can use their managed account credentials to sign in to enterprise cloud applications via Single Sign-On (SSO). An Identity Provider (IdP) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IdP service provides your users with a unified sign-on across all their enterprise cloud applications. Netsparker Enterprise supports the SAML methods, both IdP initiated and SP initiated.
You can also create a new user in Netsparker Enterprise with the Enable Auto Provisioning option.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields in the Configure Single Sign-On window.
|Enable||Select this option to enable the single sign-on feature.|
|Enforce to authenticate only with single sign-on||Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Netsparker Enterprise by using the email address that belongs to their employer.|
|IdP Identifier||This is the SAML identity provider’s Identifier value.|
|SAML 2.0 Service URL||This is the Consumer URL value (also called the SSO Endpoint or Recipient URL).|
|SAML 2.0 Endpoint||This is the URL from your IdP's SSO Endpoint field.|
|X.509 Certificate||This is the X.509 certificate value.|
|Enable Auto Provisioning||
Enable this option so that an account will be automatically created for IdP registered users when they first access Netsparker Enterprise.
If you enable this option for user creation in Netsparker Enterprise, you must complete the FirstName, LastName and Phone Number (optional) fields in the Attribute Statements on the IdP side.
This means a new team member can log in to Netsparker Enterprise with no user permissions, such as Start Scan. They can add permissions after this.
|Require SAML assertions to be encrypted||
Enable this option to prevent third parties from reading private data in transit from assertions.
There are two options:
How to Configure Azure Active Directory Single Sign-On Integration with SAML
- Log in to the Azure Portal and navigate to Azure Active Directory. The Overview window is displayed.
- Click Enterprise applications. The Enterprise applications window is displayed.
- Click New application. The Add your own application window is displayed.
- Select Non-gallery application.
- In the Name field, enter a name, and click Add. The quick start window is displayed.
- Click on Configure single sign-on (required). The Single Sign-on window is displayed.
- From the Single Sign-on Mode dropdown, select SAML-based Sign-On.
- Log in to Netsparker Enterprise, and from the main menu, click Settings, then Single Sign-On. The Single Sign-On window is displayed. Select the Azure Active Directory tab. Copy the URL from the SAML 2.0 Service URL field.
- In Netsparker Enterprise's Single Sign-On window, copy the URL from the Identifier field.
- In Azure Active Directory, paste the URL into the Identifier field
- In Azure Active Directory, paste the URL into the Reply URL field.
- Click Save.
- Click Configure Netsparker Enterprise (the name you entered in the Name field in Step 5). The ConfigureSign-On window is displayed.
- In the window that is displayed, copy the URL from the the SAML Entity ID field.
- Log in to Netsparker Enterprise, and from the main menu, click Settings, then Single Sign-On. The Single Sign-On window is displayed. Select the Azure Active Directory tab. Paste the URL into the IdP Identifier field.
- In Azure Active Directory, copy the URL from the SAML Single Sign-On Service URL field.
- In Netsparker Enterprise's Single Sign-On window, paste the URL into the SAML 2.0 Endpoint field.
- In Azure Active Directory, download and copy the content of the X.509 Certificate field.
- In Netsparker Enterprise's Single Sign-On window, paste the URL into the X.509 Certificate field.
- Check Enable Auto Provisioning and Require SAML assertions to be encrypted as required.
- Click Save Changes.