SAML-based Single Sign-On Integration

This document is for: Invicti Platform

SAML (Security Assertion Markup Language) is a markup language designed for exchanging authentication information between the user, the identity provider (IdP), and the service provider (SP).

Invicti Platform supports both IdP-initiated and SP-initiated SAML methods.

Setup instructions vary by identity provider (IdP). If you need a guide for AD FS, Entra ID, Google, Okta, OneLogin, or PingIdentity, refer to the linked documents.

This document explains the general steps to configure SAML-based authentication with Invicti Platform.

How to configure SAML-Based Single Sign-On Integration

  1. In Invicti, select Settings > Security & Access Control > SSO from the left-side menu.
  2. Turn on the Enable SSO toggle.
  3. Select GeneralSAMLv2 from the SSO Provider dropdown list.
  4. If your IdP (Identity Provider) requires you to specify a SAML Identifier for Invicti (it may also be referred to as the Audience or Target URL), use the value from the Identifier field.
  5. If your IdP requires you to specify a Consumer URL (it may also be referred to as the SSO Endpoint or Recipient URL), use the value from the SAML 2.0 Service URL field.

General SAML 2.0 configuration for SSO in Invicti Platform.

  6. From your IdP, retrieve the URL for the SSO Endpoint field and paste it into Invicti's SAML 2.0 Endpoint field.
  7. From your IdP, retrieve the IdP Identifier field and paste it into Invicti's IdP Identifier field.
  8. Export your X.509 certificate, copy its content, and paste its value into Invicti's X.509 Certificate field.

Setup of SAML 2.0 Endpoint, IdP Identifier, and X.509 Certificate in Invicti Platform.

  9. Select the checkboxes for signed assertions, encrypted assertions, or sign requests as needed.

Additional security options in Invicti Platform including assertions and sign requests.

  10. If you enable any of the assertion or request options, a new section appears where you can generate a new certificate or upload an existing one.
  11. Use Invicti's SSO Exemptions dropdown to select users who can log in to Invicti via password.
  12. Click Save.

To learn more about the Single Sign-On fields, refer to the Single Sign-On configuration document.
