SAML

You can integrate OT Security EM with your organization’s identity provider (for example, Microsoft Entra ID). This enables users to authenticate using their identity provider. The configuration involves creating an OT Security EM application within your identity provider, entering the details of that application in OT Security EM, and uploading your identity provider’s certificate on the OT Security SAML page. Then, map the groups from your identity provider to User Groups in OT Security EM.

To configure SAML:

  1. Go to Local Settings > Users Management > SAML.

  2. Click Configure.

    The Configure SAML panel appears.

  3. In the IDP ID box, type the Identity Provider’s ID for the OT Security EM application.

  4. In the IDP URL box, type the Identity Provider’s URL for the OT Security EM application.

  5. In Certificate Data, click Drop File Here, navigate to and open the Identity Provider’s Certificate file you downloaded for use with the OT Security EM application.

  6. In the Username Attribute box, type the username attribute from the Identity Provider for the OT Security EM application.

  7. In the Groups Attribute box, type the groups attribute from the Identity Provider for the OT Security EM application.

  8. (Optional) In the Description box, type a description.

  9. For each group mapping that you want to configure, obtain the Group Object ID of the user group from the Identity Provider and type it in the Group Object ID box for the OT Security EM User Group you want to map it to.

  10. Click Save to save and close the side panel.

  11. On the SAML window, click the SAML single sign-on login toggle to enable single sign-on login.

    The System Restart notification window appears.

  12. Click Restart Now to restart the system and apply the SAML configuration immediately, or click Restart Later to defer applying the SAML configuration until the next system restart.

    If you choose to restart later, OT Security EM shows the following banner until the next restart:

    After the restart, the settings are activated and any user belonging to the mapped groups can access the OT Security EM platform using their Identity Provider credentials.
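The following is an added illustration, not OT Security EM code or Tenable's implementation, of how the values entered in steps 3 to 9 act on an incoming SAML assertion: the Issuer is checked against the IDP ID, the Username Attribute names the attribute that carries the login name, the Groups Attribute names the attribute that carries the IdP group identifiers, and each Group Object ID mapping turns an IdP group into an OT Security EM User Group. A user whose assertion carries no mapped group is denied. The configuration values, attribute names, group IDs and the assertion itself are constructed sample data, and signature verification against the uploaded IdP certificate (which a real implementation must perform before trusting any attribute) is assumed to have already happened.

```python
"""Hypothetical SAML attribute-to-group mapping, modelled on the settings of
the Configure SAML panel. This is illustrative code, not the product's own.

Assumptions: the assertion signature has already been verified with the
IdP certificate uploaded in step 5; real code should parse untrusted XML
with defusedxml rather than xml.etree.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values that would be entered on the Configure SAML panel (constructed sample).
SAML_CONFIG = {
    # Step 3: IDP ID, compared with the assertion's Issuer
    "idp_id": "https://sts.windows.net/00000000-0000-0000-0000-000000000001/",
    # Step 6: Username Attribute
    "username_attribute": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    # Step 7: Groups Attribute
    "groups_attribute": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
    # Step 9: Group Object ID from the IdP -> OT Security EM User Group (constructed)
    "group_mappings": {
        "11111111-aaaa-4bbb-8ccc-000000000001": "Administrators",
        "11111111-aaaa-4bbb-8ccc-000000000002": "Read Only",
    },
}

# Constructed sample assertion (signature element omitted, see module docstring).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_sample">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000001/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000002</saml:AttributeValue>
      <saml:AttributeValue>99999999-aaaa-4bbb-8ccc-000000000009</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same user, but only in an IdP group that has no mapping configured.
UNMAPPED_ASSERTION = SAMPLE_ASSERTION.replace(
    "11111111-aaaa-4bbb-8ccc-000000000002", "88888888-aaaa-4bbb-8ccc-000000000008"
)

# Assertion issued by an IdP other than the configured one.
WRONG_ISSUER_ASSERTION = SAMPLE_ASSERTION.replace(
    "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-00000000dead"
)


def attribute_values(root, name):
    """Return all AttributeValue texts of the Attribute whose Name equals `name`."""
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            return [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
    return []


def resolve_access(assertion_xml, config):
    """Decide whether the assertion grants access and to which user groups.

    Returns a dict with 'allowed', 'username', 'groups' and 'reason'.
    """
    root = ET.fromstring(assertion_xml)
    denied = {"allowed": False, "username": None, "groups": [], "reason": ""}

    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != config["idp_id"]:
        return {**denied, "reason": "issuer does not match configured IDP ID"}

    usernames = attribute_values(root, config["username_attribute"])
    if len(usernames) != 1:
        return {**denied, "reason": "username attribute missing or not single-valued"}

    idp_groups = attribute_values(root, config["groups_attribute"])
    # Only groups with a configured Group Object ID mapping grant a user group;
    # unknown IdP groups are ignored rather than treated as an error.
    mapped = sorted({config["group_mappings"][g] for g in idp_groups if g in config["group_mappings"]})
    if not mapped:
        return {**denied, "username": usernames[0], "reason": "no mapped group; access denied"}

    return {"allowed": True, "username": usernames[0], "groups": mapped, "reason": "ok"}


if __name__ == "__main__":
    for label, xml in [("mapped", SAMPLE_ASSERTION), ("unmapped", UNMAPPED_ASSERTION),
                       ("wrong issuer", WRONG_ISSUER_ASSERTION)]:
        print(label, resolve_access(xml, SAML_CONFIG))
```

The unmapped-group case is the one to watch when rolling this out: a user who authenticates successfully at the IdP but belongs to no group entered in step 9 gets no OT Security EM User Group and therefore no access, which is the intended least-privilege outcome rather than a misconfiguration.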