SAML (Security Assertion Markup Language) is a markup language designed for exchanging authentication information between the user, the identity provider, and the service provider.
- SAML provides a standard for interoperability in identity management systems and technologies so that SSO can be extended across security domains.
- Setup instructions may vary by identity provider (IdP). Netsparker Enterprise supports the SAML methods both IdP initiated and SP initiated.
- You can also create a new user in Netsparker Enterprise with the Enable Auto Provisioning option.
If you encounter any problem while setting up SSO integration, see Troubleshooting SSO Issues.
You have to use IdP-initiated SSO if you want to utilize Auto Provisioning.
If you will use SP-initiated SSO, please set the Name ID Format value to email address on the IdP side.
Single Sign-On Fields
This table lists and explains the Single Sign-On fields in the Configure Single Sign-On window.
|Enable||Select this option to enable the single sign-on feature.|
|Enforce to authenticate only with single sign-on||Enable this option so only administrator users can authenticate without single sign-on. Users can only sign in to Netsparker Enterprise by using the email address that belongs to their employer.|
|IdP Identifier||This is the SAML identity provider’s Identifier value.|
|SAML 2.0 Service URL||This is the Consumer URL value (also called the SSO Endpoint or Recipient URL).|
|SAML 2.0 Endpoint||This is the URL from your IdP's SSO Endpoint field.|
|X.509 Certificate||This is the X.509 certificate value.|
|Enable Auto Provisioning||
Enable this option so that an account will be automatically created for IdP registered users when they first access Netsparker Enterprise.
If you enable this option for user creation in Netsparker Enterprise, you must complete the FirstName, LastName, and Phone Number (optional) fields in the Attribute Statements on the IdP side.
This means a new team member can log in to Netsparker Enterprise with no user permissions, such as Start Scan. They can add permissions after this.
|Require SAML assertions to be encrypted||
Enable this option to prevent third parties from reading private data in transit from assertions.
There are two options:
|Use Alternate Login Email||
Enable to allow users to use alternative email for SSO.
After you enable this, you can enter an alternative email in the New Member window and while editing the user's details in the Team window.
How to Configure SAML-Based Single Sign-On Integration
- Log in to Netsparker Enterprise.
- From the main menu, click Settings, then Single Sign-On. The Single Sign-On window is displayed.
- Select the SAMLv2.0 tab.
- If your IdP (Identity Provider) requires you to specify a SAML Identifier for Netsparker Enterprise (it may also be referred to as the Audience or Target URL), use the value of the Identifier field.
- If your IdP requires you to specify a Consumer URL (it may also be referred to as the SSO Endpoint or Recipient URL), use the value of the SAML 2.0 Service URL field.
- Retrieve the URL from your IdP's IdP Identifier field and paste it into Netsparker's IdP Identifier field.
- Retrieve the URL from your IdP's SSO Endpoint field and paste it into Netsparker's SAML 2.0 Endpoint field.
- Export your X.509 certificate, copy its content, and paste the certificate value into Netsparker's X.509 Certificate field.
- If Enable Auto Provisioning is enabled, you should enter the FirstName, LastName, and Phone Number (optional) fields in the Attribute Statements (Mapping).
If Enable Auto Provisioning is enabled, a new team member is able to log in to Netsparker Enterprise with no user permissions, such as Start Scan.
- If Require SAML assertions to be encrypted is selected, you can select I have an existing certificate to import a decryption certificate from your files.
- Enable the Use Alternate Login Email, if required.
- Click Save Changes.