Configure OneLogin as a SAML source

Task 1: Create a new application in OneLogin

  1. Log in to OneLogin.
  2. Select Applications.
  3. Click Add App.
  4. Search for SAML Test and select the SAML Custom Connector (Advanced).
  5. Name your Application (for example: Vulnerability Management (InsightVM) Console).
  6. In the Audience (Entity ID) field, paste your Vulnerability Management (InsightVM) Security Console Entity ID URL (for example: http://rapid7.com/nsc/console/…).
  7. In the Recipient field, paste your Vulnerability Management (InsightVM) Security Assertion Consumer Service (ACS) URL (for example: https://<console-hostname>:<console-port>/saml/SSO). If the ACS URL contains a hostname or fully qualified domain name (FQDN), set a Base Entity URL in the Vulnerability Management (InsightVM) Security Console.
  8. In the ACS (Consumer) URL Validator field, enter the * (asterisk) symbol.
  9. In the ACS (Consumer) URL field, enter the same ACS URL as the one in the Recipient field.
  10. In the OneLogin Configuration field, set the SAML nameID format to Email.
  11. Open the OneLogin Parameters menu.
  12. Add the NameID Value and set it to Email.
  13. Open the OneLogin SSO menu and ensure the SAML Signature Algorithm is set to SHA-256.
  14. Open the OneLogin SSO menu page and assign access to your Users.
  15. Open your newly created application and click the More Actions menu.
  16. Select SAML Metadata to download the XML file.

Task 2: Upload OneLogin metadata to Vulnerability Management (InsightVM)

  1. Log in to the Vulnerability Management (InsightVM) Security Console.
  2. Go to Administration.
  3. Under Console > Authentication, select 2FA and SSO.
  4. Click CONFIGURE SAML SOURCE.
  5. Click Choose File and select the OneLogin metadata XML file.
  6. Click Open.
  7. Save and restart the Vulnerability Management (InsightVM) Security Console service.

Task 3: Create users on the Vulnerability Management (InsightVM) console

  1. Log in to the Vulnerability Management (InsightVM) Security Console.
  2. Go to Administration > User Management > Add User.
  3. Fill out the required fields. Note that the email address is case-sensitive and must match the existing identity provider user account email exactly.
  4. From the Authorization Method drop-down menu, select SAML.
  5. Select a User Role.
  6. Assign Site and Asset Group Permissions.
  7. Click Add.

You can now use the Vulnerability Management (InsightVM) application tile in OneLogin to authenticate to your Vulnerability Management (InsightVM) Security Console.