Configure SSO Authentication

You can configure SAML authentication so Tenable.io users can use provider-initiated single sign-on (SSO) when logging in to Tenable.io. Tenable.io supports:

  • SAML 2.0-based authentication (for example, Okta or OneLogin)

  • Shibboleth 1.3 authentication

To configure SSO authentication:

  1. Get the identity provider (IdP) .xml metadata file from your SAML provider.

    Note: Follow your SAML providers instructions to generate the IdP .xml file.

  2. Contact Tenable Support, provide the IdP .xml file and a valid Tenable.io email address, and ask Tenable Support to enable SAML on your account.

    Tenable Support uses the IdP .xml file you provided to generate the service provider (SP) .xml metadata file for you to finish configuring SSO.

    Note:Tenable does not currently support a SP-initiated SAML flow. You cannot navigate directly to Tenable.io for SSO; it must be initiated from the IdP side.