Unified VRM can be configured to authenticate users through an external identity provider using SAML. This document lists the requirements for SAML configuration and shows how to configure SSO with Okta and OneLogin.
SAML configuration
Please complete the following to enable SSO:
- Send support@nopsec.com your SAML Metadata endpoint or document.
- Create a custom mapping in your SAML configuration to explicitly pass an email address under an attribute "email". See the instructions for your respective SSO provider.
  An example for Google attribute mapping:
- Create a new SAML app with the following configuration:
  - Entity ID: urn:amazon:cognito:sp:us-east-1_Gods5pVuS
  - ACS URL: https://auth.nopsec.com/saml2/idpresponse
  - NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  - Subject Type: Username
- Make sure to assign users to the newly created “NopSec UVRM” app. If you click into the App, you should be able to view a list of assigned users/groups.
Please notify support@nopsec.com once all of the above steps are complete.
NopSec will then configure its SAML configuration in order to complete SSO for your organization. When this is complete, you will hear back from NopSec support.
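Before notifying support, you can compare an assertion from a test login against the service-provider values listed above. The following is an added example, not NopSec code: it assumes you have the decoded assertion XML (for instance from a browser SAML tracing tool), and the function name `check_assertion` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Service-provider values taken from this page.
SP_ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_Gods5pVuS"
ACS_URL = "https://auth.nopsec.com/saml2/idpresponse"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Inspection aid only: no signature or validity-window verification.
def check_assertion(xml_text):
    """Return mismatches between an assertion and the SP settings above."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience is not the SP entity ID: %r" % audiences)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append("Recipient is not the ACS URL: %r" % recipients)
    emails = [v.text.strip()
              for attr in root.iterfind(".//saml:Attribute", NS)
              if attr.get("Name") == "email"  # exact, case-sensitive name
              for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
    if not emails:
        problems.append('no attribute named "email" with a value')
    return problems

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://auth.nopsec.com/saml2/idpresponse"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:amazon:cognito:sp:us-east-1_Gods5pVuS</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="email">
    <saml:AttributeValue>user@example.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "assertion matches the SP settings")
```

An empty result means the four settings line up; each returned string names the setting to correct in the identity provider.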
UVRM SSO configuration using Okta
1. Under Applications, select “Add Application”.
2. Select “Create New App”.
3. Select “Web” and “SAML 2.0”.
4. Enter “NopSec UVRM” or any name that helps you identify it properly. Click on “Next”.
5. Under SAML settings, enter:
   - Single Sign on URL (ACS URL): https://auth.nopsec.com/saml2/idpresponse and check “Use this for Recipient URL and Destination URL”
   - Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-east-1_Gods5pVuS
   - Default RelayState: leave it blank
   - Name ID format: Persistent
   - Application username: Email
   - Attribute statement (Optional)
     - Name: email
     - Value: user.email
   Click “Next” and save the newly created app. Send the metadata back to NopSec so that NopSec can configure it.
6. Go back to “Applications” and make sure to assign users to the newly created “NopSec UVRM” app. If you click into the App, you should be able to view a list of assigned users/groups.
Please note: even though NopSec currently supports SSO through SAML 2.0, UVRM user accounts still have to be created in advance before the user can log in through SSO.
UVRM SSO configuration using OneLogin
1. Create a SAML test connector 2.0. Enter the following fields in the Configuration section.
   - RelayState: https://uvrm.nopsec.com
   - Audience (EntityID): urn:amazon:cognito:sp:us-east-1_Gods5pVuS
   - ACS (Consumer) URL Validator: https://auth.nopsec.com/saml2/idpresponse
   - ACS (Consumer) URL: https://auth.nopsec.com/saml2/idpresponse
See screenshots below and enter fields accordingly.
2. Enter the fields below in the Parameters section.
3. Make sure to assign users to the newly created “NopSec UVRM” app. If you click into the App, you should be able to view a list of assigned users/groups.
Please notify support@nopsec.com once all of the above steps are complete.
NopSec will then configure its SAML configuration in order to complete SSO for your organization. When this is complete, you will hear back from NopSec support.
Please note: even though NopSec currently supports SSO through SAML 2.0, UVRM user accounts still have to be created in advance before the user can log in through SSO.