SAML for Tenable One

You can configure Tenable One products to accept credentials from your SAML identity provider. This allows for an additional layer of security, where the SAML credentials are certified for use within Tenable One. Once you enable SAML for a user, they can log in to Tenable One directly through their identity provider, which automatically signs them in and redirects them to the Tenable One Workspace landing page.

These instructions apply to the Tenable One product suite as well as the following products purchased individually. For more information, see the table on the Welcome page.

  • Tenable Vulnerability Management

  • Tenable Web App Scanning

  • Legacy Tenable Cloud Security

  • Tenable Attack Surface Management

While several configuration steps occur directly in the Tenable user interface, the entire SAML configuration process includes several processes across multiple applications. This guide describes three of the most commonly used Identity Providers (IdPs) and how to configure them for use with Tenable One SAML from start to finish.

Important: Because Tenable One cannot accept private keys to decrypt SAML assertions, Tenable One does not support SAML assertion encryption. If you want to configure SAML authentication in Tenable One, choose an identity provider that does not require assertion encryption and confirm that assertion encryption is not enabled.

To get started, see the following topics: