SAML

You can configure Tenable MSSP to accept credentials from your SAML identity provider (for example, Okta). This allows for an additional layer of security, where the SAML credentials are certified for use within Tenable MSSP. Once you enable SAML for a user, they can log in to Tenable MSSP directly through their identity provider, which automatically signs them in and redirects them to the Tenable MSSP landing page.

On the SAML page, you can view and manage your SAML credentials. You can also enable, disable, and add new configurations for users within your Tenable MSSP instance.

Tip: Review the Tenable SAML Configuration Quick-Reference guide for a step-by-step guide of how to configure SAML for use with Tenable MSSP.

Note: Tenable MSSP supports SAML 2.0 configurations.

Important: Because Tenable MSSP cannot accept private keys to decrypt SAML assertions, Tenable MSSP does not support SAML assertion encryption. If you want to configure SAML authentication in Tenable MSSP, choose an identity provider that does not require assertion encryption and confirm that assertion encryption is not enabled.

SAML Details

On the SAML page, you can view a table that includes the following details about your SAML configurations:

Column Description
UUID The UUID that Tenable MSSP automatically generates when you create a new SAML configuration.
Description

A description for the SAML configuration.

Last Login

The date and time on which a user on your instance last successfully logged in via the SAML configuration.

Note: The Last Login column shows a value only if Tenable MSSP has login data for the SAML identity provider.
Last Attempted Login

The date and time on which a user on your instance last attempted to log in via the SAML configuration.

Note: The Last Attempted Login column shows a value only if Tenable MSSP has attempted login data for the SAML identity provider.
Certificate

The certificate for the SAML configuration.

In the certificate column, you can complete the following tasks.

  • Click the button to copy the certificate to your clipboard.

  • Hover over the button to view the certificate expiration date.

    Note: Your identity provider determines the expiration date for your certificate.
Actions

An interactive column from which you can download the metadata.xml file that contains one or more security certificates for the configuration.

To download the metadata.xml file:

  1. In the Actions column for the configuration from which you want to download a metadata.xml file, click the button.

    An options menu appears.

  2. In the menu, click Download SP Metadata.

    Tenable MSSP downloads the metadata.xml file to your computer.

On the SAML page, you can perform the following tasks: