SAML

You can configure Tenable PCI ASV to accept credentials from your SAML identity provider (for example, Okta). This allows for an additional layer of security, where the SAML credentials are certified for use within Tenable PCI ASV. Once you enable SAML for a user, they can log in to Tenable PCI ASV directly through their identity provider, which automatically signs them in and redirects them to the Tenable PCI ASV landing page.

On the SAML page, you can view and manage your SAML credentials. You can also enable, disable, and add new configurations for users within your Tenable PCI ASV instance.

Tip: Review the Tenable SAML Configuration Quick-Reference guide for step-by-step instructions on configuring SAML for use with Tenable PCI ASV.

Note: Tenable PCI ASV supports SAML 2.0 configurations.

Note: Once SAML is configured for a user, they must log in using the IdP Tile or the URL provided in the SP metadata file (for example, cloud.tenable.com/SAML/XXXXXX) and log back out before they can access the Sign in via SSO link on the Tenable PCI ASV login page.

Important: Because Tenable PCI ASV cannot accept private keys to decrypt SAML assertions, Tenable PCI ASV does not support SAML assertion encryption. If you want to configure SAML authentication in Tenable PCI ASV, choose an identity provider that does not require assertion encryption and confirm that assertion encryption is not enabled.
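
Example: one way to confirm that your identity provider is not encrypting assertions is to inspect a SAMLResponse value captured from a test login (the base64 form field of the SAML 2.0 HTTP-POST binding). The following Python script is an added illustration, not Tenable code; the function names and the sample responses are constructed for this example.

```python
import base64
import xml.etree.ElementTree as ET

# Standard SAML 2.0 XML namespaces.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def inspect_saml_response(b64_response: str) -> dict:
    """Report the SAML version and whether the assertions are encrypted."""
    # Captured form values are often line-wrapped; drop whitespace first.
    xml_bytes = base64.b64decode("".join(b64_response.split()), validate=True)
    # A Response never needs a DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"not a SAML 2.0 Response element: {root.tag}")
    plain = root.findall(f"{{{SAML}}}Assertion")
    encrypted = root.findall(f"{{{SAML}}}EncryptedAssertion")
    version = root.get("Version")
    return {
        "version": version,
        "plain_assertions": len(plain),
        "encrypted_assertions": len(encrypted),
        # True only for a SAML 2.0 response whose assertions are all readable.
        "unencrypted_saml2": version == "2.0" and len(plain) > 0 and not encrypted,
    }


def constructed_response(encrypted: bool) -> str:
    """Build a minimal constructed SAMLResponse (sample data, not a real capture)."""
    child = "EncryptedAssertion" if encrypted else "Assertion"
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'Version="2.0" ID="_constructed1"><saml:{child}/></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for enc in (False, True):
        print(inspect_saml_response(constructed_response(enc)))
```

If unencrypted_saml2 is False and encrypted_assertions is greater than zero, assertion encryption is still enabled on the identity provider side.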

SAML Details

On the SAML page, you can view a table that includes the following details about your SAML configurations:

Column Description

UUID

The UUID that Tenable PCI ASV automatically generates when you create a new SAML configuration.

Description

A description for the SAML configuration.

Last Login

The date and time on which a user on your instance last successfully logged in via the SAML configuration.

Note: The Last Login column shows a value only if Tenable PCI ASV has login data for the SAML identity provider.

Last Attempted Login

The date and time on which a user on your instance last attempted to log in via the SAML configuration.

Note: The Last Attempted Login column shows a value only if Tenable PCI ASV has attempted login data for the SAML identity provider.

Certificate

The certificate for the SAML configuration.

In the Certificate column, you can complete the following tasks:

  • Click the button to copy the certificate to your clipboard.

  • Hover over the button to view the certificate expiration date.

    Note: Your identity provider determines the expiration date for your certificate.

Actions

An interactive column from which you can download the metadata.xml file that contains one or more security certificates for the configuration.

To download the metadata.xml file:

  1. In the Actions column for the configuration from which you want to download a metadata.xml file, click the button.

    An options menu appears.

  2. In the menu, click Download SP Metadata.

    Tenable PCI ASV downloads the metadata.xml file to your computer.
