Configure SAML Authentication Manually via the User Interface

You can use this method to configure most types of SAML authentication via the Tenable Security Center Director interface. However, you may prefer a more streamlined method:

• To configure SAML Authentication automatically, use the method described in Configure SAML Authentication Automatically via the User Interface.

• If you encounter issues with either method (for example, when configuring Microsoft ADFS), try the module method described in Configure SAML Authentication via the SimpleSAML Module.

For more information about SAML authentication and SAML authentication options, see SAML Authentication.

Before you begin:

• Review the Tenable SAML Configuration Quick-Reference guide for a step-by-step guide of how to configure SAML for use with Tenable Security Center Director.

• Save your identity provider SAML metadata file to a directory on your local computer.

To configure SAML authentication for Tenable Security Center Director users:

1. Log in to Tenable Security Center Director via the user interface.

2. In the left navigation, click System > Configuration.

   The Configuration page appears.

3. Click the SAML button.

   The SAML Configuration page appears.

4. In the General section, confirm the SAML toggle is enabled.

   If you want to disable SAML authentication for Tenable Security Center Director users, click the toggle.

5. In the Source drop-down box, select Entry.

   The page updates to display additional options.

6. In the SAML Settings section, configure the options:

   1. In the Type drop-down box, select SAML 2.0 (e.g., Okta, OneLogin, Shibboleth 2.0, etc.).

   2. In the Entity ID box, type the name of the Entity ID attribute exactly as it appears in your identity provider SAML configuration. The Entity ID must be in URL format.

   3. In the Identity Provider (IdP) box, type identity provider identifier string.

   4. In the Username Attribute box, type the SAML username attribute exactly as it appears in your identity provider SAML configuration. This field is case-sensitive.

   5. In the Single Sign-on Service box, type the identity provider URL where users log in via single sign-on exactly as it appears in your identity provider SAML metadata.

   6. In the Single Logout Service box, type the identity provider URL where users log out exactly as it appears in your identity provider SAML metadata.

   7. In the Certificate Data box, paste the text of the identity provider's X.509 SSL certificate, without the ===BEGIN CERT=== and the ===END CERT=== strings.

7. Click Submit.

   Tenable Security Center Director saves your configuration.

What to do next:

• Click Download SAML Configuration XML, save the .xml file locally, and use it to configure your identity provider SAML configuration. For more information, see SAML Authentication XML Configuration Examples.

• Add SAML-authenticated user accounts.

  • To manually add SAML-authenticated users in Tenable Security Center Director, see Add a SAML-Authenticated User.

  • To automatically add SAML-authenticated users by importing users from your SAML identity provider, see Configure SAML User Provisioning.

• Instruct users to log in to Tenable Security Center Director using the Sign In Using Identity Provider button, as described in Log In to the Web Interface.