Configure Azure as a SAML source
Create the SAML 2.0 application in Azure
- In Azure, search for Enterprise Applications and click New Application.
- Click Create your own application.
- In the application wizard on the right-hand side, give the application a name. We recommend Rapid7 InsightVM Console.
- Select Integrate any other application you don't find in the gallery.
- Click Create.
- In the Users and groups section of the left menu, click Add user/group.
- Complete the wizard for adding a user to the application.
- To configure SSO, click Single Sign-on in the left-hand menu and select SAML.
Basic Azure SAML Configuration
- In Section 1, Basic SAML Configuration, click Edit.
- In the Identifier (Entity ID) field, add your InsightVM Security Console’s Entity ID URL, for example:
http://rapid7.com/nsc/console/…
- For your Reply URL (Assertion Consumer Service URL) add your InsightVM Security Console ACS URL, for example:
https://<console-hostname>:<console-port>/saml/SSO
- If the ACS URL contains a hostname/FQDN, you must set a Base Entity URL in the InsightVM Security Console.
Azure User Attributes and Claims
- In Section 2, User Attributes & Claims, click Edit, and go to the Additional Claims section.
- Set the Required Claim NameID to user.userprincipalname.
- Under Additional Claims, delete all claims except for user.mail.
- Click the user.mail claim and set the claim name to emailaddress.
- Delete the Namespace value so it remains blank.
- Set the Source Attribute to user.mail.
- Click Save.
Download and upload SAML metadata
- In Section 3, click SAML Certificates > Federation Metadata XML.
- Click Download.
- In the Security Console, go to the Administration page.
- In the Console section, click Authentication: 2FA and SSO.
- Click Configure SAML Source.
- Click Choose File and select the Azure metadata XML file.
- Click Save.
- Restart the console services.
Create a user in the Security Console
- On the Administration page, under User Management, click Add User.
- Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
- Select SAML Authorization Method > SAML.
- Select the User Role.
- Assign Site and Asset Group Permissions.
- Click Save.
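If a SAML login fails after these steps, the usual causes are the emailaddress claim still carrying a namespace or an e-mail value that differs only by case. The following check is an added example, not Rapid7 or Microsoft code: it inspects a decoded assertion captured during a test login. The sample assertion, the user, and the assumption that the console matches its E-mail field against the emailaddress attribute are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: a decoded assertion as it looks when the claim
# namespace was NOT cleared in Azure (hypothetical user and values).
SAMPLE_WITH_NAMESPACE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample with the namespace cleared, as the steps above require.
SAMPLE_OK = SAMPLE_WITH_NAMESPACE.replace(
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/", "")


def check_claims(assertion_xml, console_email):
    """Return a list of problems; an empty list means the claims line up.

    Troubleshooting aid only: it does not verify the assertion signature.
    """
    root = ET.fromstring(assertion_xml)
    problems = []
    name_id = root.find(f".//{SAML}NameID")
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    attrs = {a.get("Name", ""): a for a in root.iter(f"{SAML}Attribute")}
    email_attr = attrs.get("emailaddress")
    if email_attr is None:
        if any(n.endswith("/emailaddress") for n in attrs):
            problems.append("emailaddress claim still carries a namespace")
        else:
            problems.append("emailaddress claim not present")
        return problems
    # Assumption: the console compares its E-mail field with this attribute.
    value = (email_attr.findtext(f"{SAML}AttributeValue") or "").strip()
    if value != console_email:
        if value.lower() == console_email.lower():
            problems.append("email differs only by case")
        else:
            problems.append("email does not match console user")
    return problems


if __name__ == "__main__":
    print(check_claims(SAMPLE_WITH_NAMESPACE, "Jane.Doe@example.com"))
```
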
Authenticate to InsightVM using SAML
- Log in to your Azure application landing page.
- Select the Rapid7 InsightVM Console tile.