Configure OneLogin as a SAML source
Task 1: Create a new application in OneLogin
- Log in to OneLogin.
- Select Applications.
- Click Add App.
- Search for SAML Test and select the SAML Custom Connector (Advanced).
- Name your Application (for example: InsightVM Console).
- In the Audience (Entity ID) field, paste your InsightVM Security Console Entity ID URL (for example: http://rapid7.com/nsc/console/…).
- In the Recipient field, paste your InsightVM Security Assertion Consumer Service (ACS) URL (for example: https://<console-hostname>:<console-port>/saml/SSO). If the ACS URL contains a hostname or fully-qualified domain name (FQDN), set a Base Entity URL in the InsightVM Security Console.
- In the ACS (Consumer) URL Validator field, enter the * (asterisk) symbol.
- In the ACS (Consumer) URL field, enter the same ACS URL as the one in the Recipient field.
- In the OneLogin Configuration field, set the SAML nameID format to Email.
- Open the OneLogin Parameters menu.
- Add the NameID Value and set it to Email.
- Open the OneLogin SSO menu and ensure the SAML Signature Algorithm is set to SHA-256.
- Open the OneLogin SSO menu page and assign access to your Users.
- Open your newly-created application and click the More Actions menu.
- Select SAML Metadata to download the XML file.
Task 2: Upload OneLogin metadata to InsightVM
- Log in to the InsightVM Security Console.
- Go to Administration.
- Under Console > Authentication, select 2FA and SSO.
- Click CONFIGURE SAML SOURCE.
- Click Choose File and select the OneLogin metadata XML file.
- Click Open.
- Save and restart the InsightVM Security Console service.
Task 3: Create users on the InsightVM console
- Log in to the InsightVM Security Console.
- Go to Administration > User Management > Add User.
- Fill out the required fields. Note that email address is case sensitive and must match the existing identity provider user account email exactly.
- From the Authorization Method drop-down menu, select SAML.
- Select a User Role.
- Assign Site and Asset Group Permissions.
- Click Add.
You can now use the InsightVM application tile in OneLogin to authenticate to your InsightVM Security Console.