Configure Azure as a SAML source

Create the SAML 2.0 application in Azure

  1. In Azure, search for Enterprise Applications and click New Application.
  2. Click Create your own application.
  3. In the application wizard on the right-hand side, give the application. We recommend Rapid7 InsightVM Console.
  4. Select Integrate any other application you don't find in the gallery.
  5. Click Create.
  6. In the Users and groups section of the left menu, click Add user/group.
  7. Complete the wizard for adding a user to the application.
  8. To configure SSO, click Single Sign-on in the left-hand menu and select SAML.

Basic Azure SAML Configuration

  1. In Section 1, Basic SAML Configuration, click Edit.
  2. In the Identifier (Entity id) field, add your InsightVM Security Console’s Entity id UR, for example: http://rapid7.com/nsc/console/…
  3. For your Reply URL (Assertion Consumer Service URL) add your InsightVM Security Console ACS URL, for example: https://<console-hostname>:<console-port>/saml/SSO
  4. If ACS URL contains hostname/FQDN, you must set a Base Entity URL in the InsightVM Security Console.

Azure User Attributes and Claims

  1. In Section 2, User Attributes & Claims, click Edit, and go to the Additional Claims section.
  2. Set the Required Claim NameID to user.userprincipalname.
  3. Under Additional Claims, delete all claims except for user.mail.
  4. Click the user.mail claim and set the claim name to emailaddress.
  5. Delete the Namespace value so it remains blank
  6. Set the Source Attribute to user.mail.
  7. Click Save.

Download and upload SAML metadata

  1. In Section 3, click SAML Certificates > Federation Metadata XML.
  2. Click Download.
  3. In the Security Console, go the Administration page.
  4. In the Console section, click Authentication: 2FA and SSO.
  5. Click Configure SAML Source.
  6. Click Choose File and select the Azure metadata XML file.
  7. Click Save.
  8. Restart the console services.

Create a user in the Security Console

  1. On the Administration page, under User Management, click Add User.
  2. Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
  3. Select SAML Authorization Method > SAML.
  4. Select the User Role.
  5. Assign Site and Asset Group Permissions.
  6. Click Save.

Authenticate to InsightVM using SAML

  1. Login to your Azure application landing page.
  2. Select the Rapid7 InsightVM Console tile.