Configure OneLogin as a SAML source

Task 1: Create a new application in OneLogin

  1. Log in to OneLogin.
  2. Select Applications.
  3. Click Add App.
  4. Search for SAML Test and select the SAML Custom Connector (Advanced).
  5. Name your Application (for example: InsightVM Console).
  6. In the Audience (Entity ID) field, paste your InsightVM Security Console Entity ID URL (for example: http://rapid7.com/nsc/console/…).
  7. In the Recipient field, paste your InsightVM Security Assertion Consumer Service (ACS) URL (for example: https://<console-hostname>:<console-port>/saml/SSO). If the ACS URL contains a hostname or fully qualified domain name (FQDN), set a Base Entity URL in the InsightVM Security Console.
  8. In the ACS (Consumer) URL Validator field, enter the * (asterisk) symbol.
  9. In the ACS (Consumer) URL field, enter the same ACS URL as the one in the Recipient field.
  10. In the OneLogin Configuration field, set the SAML NameID format to Email.
  11. Open the OneLogin Parameters menu.
  12. Add the NameID Value and set it to Email.
  13. Open the OneLogin SSO menu and ensure the SAML Signature Algorithm is set to SHA-256.
  14. Open the OneLogin SSO menu page and assign access to your Users.
  15. Open your newly created application and click the More Actions menu.
  16. Select SAML Metadata to download the XML file.

Task 2: Upload OneLogin metadata to InsightVM

  1. Log in to the InsightVM Security Console.
  2. Go to Administration.
  3. Under Console > Authentication, select 2FA and SSO.
  4. Click CONFIGURE SAML SOURCE.
  5. Click Choose File and select the OneLogin metadata XML file.
  6. Click Open.
  7. Save and restart the InsightVM Security Console service.

Task 3: Create users on the InsightVM console

  1. Log in to the InsightVM Security Console.
  2. Go to Administration > User Management > Add User.
  3. Fill out the required fields. Note that the email address is case-sensitive and must exactly match the email of the existing identity provider user account.
  4. From the Authorization Method drop-down menu, select SAML.
  5. Select a User Role.
  6. Assign Site and Asset Group Permissions.
  7. Click Add.

You can now use the InsightVM application tile in OneLogin to authenticate to your InsightVM Security Console.