SAML-based Single Sign-On Integration
This document is for: Invicti Platform
SAML (Security Assertion Markup Language) is a markup language designed for exchanging authentication information between the user, the identity provider (IdP), and the service provider (SP).
Invicti Platform supports both IdP-initiated and SP-initiated SAML methods.
Setup instructions vary by identity provider (IdP). Refer to the linked documents if you need a guide for AD FS, Entra ID, Google, Okta, OneLogin, or PingIdentity.
This document explains the general steps to configure SAML-based authentication with Invicti Platform.
How to configure SAML-based Single Sign-On Integration
- In Invicti, select Settings > Security & Access Control > SSO from the left-side menu.
- Turn on the Enable SSO toggle.
- Select GeneralSAMLv2 from the SSO Provider dropdown list.
- If your IdP (Identity Provider) requires you to specify a SAML Identifier for Invicti (it may also be referred to as the Audience or Target URL), use the value from the Identifier field.
- If your IdP requires you to specify a Consumer URL (it may also be referred to as the SSO Endpoint or Recipient URL), use the value from the SAML 2.0 Service URL field.
- From your IdP, retrieve the URL for the SSO Endpoint field and paste it into Invicti's SAML 2.0 Endpoint field.
- From your IdP, retrieve the IdP Identifier field and paste it into Invicti's IdP Identifier field.
- Export your X.509 certificate, copy its content, and paste its value into Invicti's X.509 Certificate field.
- Select the checkboxes for signed assertions, encrypted assertions, or sign requests as needed.
- If you select any of these checkboxes, a new section appears where you can Generate a new certificate or upload an existing one.
- Use Invicti’s SSO Exemptions dropdown to select users who can log in to Invicti via password.
- Click Save.
To learn more about the Single Sign-On fields, refer to the Single Sign-On configuration document.