SAML-based Single Sign-On Integration

SAML (Security Assertion Markup Language) is a markup language designed for exchanging authentication information between the user, the identity provider (IdP), and the service provider (SP).

Invicti Platform supports both IdP-initiated and SP-initiated SAML methods.

This document explains the general steps to configure SAML-based authentication with Invicti Platform.

How to configure SAML-Based Single Sign-On Integration

1. In Invicti, select Settings > Security & Access Control > SSO from the left-side menu.
2. Turn on the Enable SSO toggle.
3. Select GeneralSAMLv2 from the SSO Provider dropdown list.
4. If your IdP (Identity Provider) requires you to specify a SAML Identifier for Invicti (it may also be referred to as the Audience or Target URL), use the value from the Identifier field.
5. If your IdP requires you to specify a Consumer URL (it may also be referred to as the SSO Endpoint or Recipient URL), use the value from the SAML 2.0 Service URL field.

6. From your IdP, retrieve the URL for the SSO Endpoint field and paste it into Invicti's SAML 2.0 Endpoint field.
7. From your IdP, retrieve the IdP Identifier field and paste it into Invicti's IdP Identifier field.
8. Export your X.509 certificate, copy its content, and paste its value into Invicti's X.509 Certificate field.

9. Select the checkboxes for signed assertions, encrypted assertions, or sign requests as needed.

10. If you enable any assertions or requests, a new section appears where you can Generate a new certificate or upload an existing one.
11. Use Invicti’s SSO Exemptions dropdown to select users who can log in to Invicti via password.
12. Click Save.