Configure SAML User Provisioning

You can enable user provisioning to automatically create SAML-authenticated users in Tenable Security Center by importing user accounts from your SAML identity provider. When user provisioning is enabled, users who log into your SAML identity provider are automatically created in Tenable Security Center. For more information, see SAML User Provisioning.

To manually create SAML-authenticated users in Tenable Security Center, see Add a SAML-Authenticated User.

For more information about user account configuration options, see SAML User Account Options.

Before you begin:

• Review the Tenable SAML Configuration Quick-Reference guide for a step-by-step guide of how to configure SAML for use with Tenable Security Center.
• Configure SAML authentication, as described in Configure SAML Authentication Manually via the User Interface.

To import SAML-authenticated user accounts from your SAML identity provider:

1. Log in to Tenable Security Center via the user interface.

2. In the left navigation, click System > Configuration.

   The Configuration page appears.

3. Click the SAML button.

   The SAML Configuration page appears.

4. In the SAML Settings section, click the toggle to enable User Provisioning.

5. (Optional) To automatically update contact information for imported SAML-authenticated users, click the User Data Sync toggle. For more information about User Data Sync, see SAML Authentication Options.

6. Click Submit.

   Tenable Security Center saves your configuration.

What to do next:

• In your SAML identity provider, map the required Tenable Security Center user attribute fields to the corresponding fields for users in your identity provider: Organization ID, Group ID, and Role ID.

  Note: Tenable Security Center uses the fields listed in the Attribute Mapping section to create and update users in Tenable Security Center. Any Tenable fields that you map to corresponding fields in your SAML identity provider populate when Tenable Security Center imports SAML users into Tenable Security Center. If you enable User Data Sync, each time a user logs into Tenable Security Center using your SAML identity provider, Tenable Security Center updates any mapped attribute fields in Tenable Security Center with values from the corresponding fields in your SAML identity provider.