Implementation/Admin Learning Path
      Back to home
      1. Knowledge Base
      2. Implementation/Admin Learning Path

      How do I configure Basic SSO

      You will be able to configure Basic SSO with the help of your NopSec Customer Success team.

      Overview

      In 6.0 we do not yet have Self-Service SSO configuration. This will be enabled by end of 2023. In the meantime, the following documentation should allow an IAM team to configure an SSO application to correctly communicate with NopSec. 

      Please follow the instructions and provide your Customer Success team with your XML Metadata file or Metadata URL via Email. Also include what Email address claim was used within the SSO platform.

      Basic SSO

      Unified VRM can be configured to allow you to authenticate through an external identity provider using SAML v2. 

      SAML configuration on your SSO Provider

      1. Create a new SAML app with the following configuration.
        1. Entity ID: urn:amazon:cognito:sp:us-east-2_WQufeTEAY 
        2. ACS (aka. Response) URLs:

          1. https://prod-us2.auth.us-east-2.amazoncognito.com/saml2/idpresponse

          2. https://auth-prod-us2.nopsec.com/saml2/idpresponse

        1. We require an Email Address to be the unique value sent to us.
          1. You may choose to do this via a Name claim or an Email Address Claim.
          2. We just need to know which claim holds the email address and how it was named in your SSO platform.
      2. Make sure to assign users to the newly created “NopSec UVRM” app. 
      3. Please notify support@nopsec.com once all of the above steps are complete and provide them with the XML Metadata file or the Metadata URL as well as the specific Claim holding the email address.

      NopSec will then configure its SAML configuration in order to complete SSO for your organization. When this is complete, you will hear back from NopSec support.

      Once this is configured, all users who are authenticated via the SSO provider will be redirected to UVRM. If this is their first time a User Account will automatically be created for them and they will be placed within the Default team receiving limited access to the platform and data. Admins will be responsible for placing them within the correct teams to receive more access.

      Self-Service SSO

      We aim to provide Self-Service SSO in Q1 2024.