SAML

You can integrate OT Security with your organization’s identity provider (for example, Microsoft Azure). This enables users to authenticate using their identity provider credentials. The configuration involves creating an OT Security application within your identity provider, entering the details of that OT Security application and uploading your identity provider’s certificate on the OT Security SAML page, and then mapping groups from your identity provider to User Groups in OT Security. For a detailed tutorial on integrating OT Security with Microsoft Azure, see Appendix — SAML Integration for Microsoft Azure.

To configure SAML:

  1. Go to Local Settings > Users Management > SAML.

  2. Click Configure.

    The Configure SAML panel appears.

  3. In the IDP ID box, type the Identity Provider’s ID for the OT Security application.

  4. In the IDP URL box, type the Identity Provider’s URL for the OT Security application.

  5. In Certificate Data, click Drop File Here, navigate to the Identity Provider’s Certificate file you downloaded for use with the OT Security application and open it.

  6. In the Username Attribute box, type the username attribute from the Identity Provider for the OT Security application.

  7. In the Groups Attribute box, type the groups attribute from the Identity Provider for the OT Security application.

  8. (Optional) In the Description box, type a description.

  9. For each group mapping that you want to configure, look up the Group Object ID of the relevant group in your Identity Provider and enter it in the Group Object ID field next to the OT Security User Group you want to map it to.

  10. Click Save to save and close the side panel.

  11. On the SAML window, click the SAML single sign on login toggle to enable single sign-on login.

    The System Restart notification window appears.

  12. Click Restart Now to restart the system and apply the SAML configuration immediately, or click Restart Later to apply the SAML configuration the next time the system is restarted. If you choose to restart later, OT Security shows the following banner until the restart is done:

    Upon reboot, the settings are activated, and any user assigned to the designated groups can access the OT Security platform using their Identity Provider credentials.
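As an added illustration (not Tenable's code), the following shows how the settings entered in the procedure above are applied to an incoming SAML assertion: the IDP ID pins the trusted issuer, the Username Attribute and Groups Attribute names select the claims to read, and the Group Object ID mapping decides which OT Security User Group the user receives. All URLs, attribute names, IDs and the sample assertion are constructed, and XML signature verification against the uploaded IdP certificate is assumed to have been done before this code runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# What an admin enters in the Configure SAML panel (constructed values).
SAML_CONFIG = {
    "idp_id": "https://sts.windows.net/00000000-0000-0000-0000-000000000001/",
    "username_attribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "groups_attribute": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
    # Identity Provider Group Object ID -> OT Security User Group (constructed)
    "group_mapping": {
        "11111111-2222-3333-4444-555555555555": "Administrators",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee": "Read Only",
    },
}

# Constructed assertion as an IdP might send it. In a real flow the XML
# signature is verified with the uploaded IdP certificate before this point.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000001/</saml:Issuer><saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
<saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
<saml:AttributeValue>99999999-9999-9999-9999-999999999999</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def attribute_values(assertion, name):
    """All AttributeValue texts of the SAML Attribute whose Name is `name`."""
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            return [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
    return []

def resolve_user(response_xml, config):
    """Return (username, sorted OT Security groups), or None if the assertion is rejected."""
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        return None
    # The IDP ID setting pins which issuer is trusted to assert identities.
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != config["idp_id"]:
        return None
    usernames = attribute_values(assertion, config["username_attribute"])
    if len(usernames) != 1:
        return None  # username must be present and unambiguous
    # Only explicitly mapped Group Object IDs grant a role; unmapped IDs are ignored.
    groups = {config["group_mapping"][g]
              for g in attribute_values(assertion, config["groups_attribute"])
              if g in config["group_mapping"]}
    return (usernames[0], sorted(groups)) if groups else None
```

A user whose assertion carries no mapped Group Object ID resolves to None, which matches the behaviour described above: only users in the designated groups gain access after the restart.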