Add a SAML Configuration
The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
Required User Role: Administrator
You can manually enter the details for your SAML configuration or you can upload a metadata.xml file that you download from your identity provider (IdP).
Before you begin:
Follow the steps described in your IdP's documentation to set up a SAML application for Tenable.io on your IdP account.
Note: Your IdP requires an entity ID and a reply URL for Tenable.io to set up the SAML application. The entity ID for Tenable.io is TENABLE_IO_placeholder. The reply URL for Tenable.io is https://cloud.tenable.com/SAML/login/placeholder.com.
In your IdP account, download your metadata.xml file.
Note: Tenable does not currently support a SP-Initiated SAML flow. Because it must be initiated from the Identity Provider side, navigating directly to https://cloud.tenable.com does not allow SSO. Additionally, all users must have an account configured in Tenable.io that matches their SSO login.
To add a new SAML configuration:
In the upper-left corner, click the button.
The left navigation plane appears.
In the left navigation plane, click Settings.
The Settings page appears.
Click the SAML tile.
The SAML page appears.
In the action bar, click Create.
The SAML Settings page appears.
Do one of the following:To provide configuration details by uploading the metadata.xml file from your IdP:
To manually create your SAML configuration using data from the metadata.xml file from your IdP:
In the first drop-down box, select Import XML.
Note: Import XML is selected by default.
Under Import, click Add File.
A file manager window appears.
Select the metadata.xml file.
The metadata.xml file is uploaded.
In the first drop-down box, select Manual Entry.
A SAML configuration form appears.
Configure the settings described in the following table:
Settings Description Type Specifies the type of identity provider you are using. Tenable.iosupports SAML 2.0 (for example, Okta, OneLogin, etc.).
This option is read-only.
Description A description for the SAML configuration. IdP Entity ID
The unique entity ID that your IdP provides.
Note: If you want to configure multiple IdPs for a user account, create a new configuration for each identity provider with separate identity provider URLs, entity IDs, and signing certificates.
IdP URL The SAML URL for your IdP. Certificate
Your IdP security certificate or certificates.
Note: Security certificates are found in a metadata.xml file that your identity provider provides. You can copy the content of the file and paste it in the Certificate box.
By default, the Enable setting is set to Enabled.
User Auto Provisioning Enabled
Tenable.iosaves your SAML configuration.
What to do next:
Download the metadata.xml from Tenable.io using the Download SP Metadata option in the SAML Configurations table.
Upload this file to the SAML application you created for Tenable.io with your SAML provider.