SAML User Provisioning

You can enable user provisioning to automatically create SAML-authenticated users in Tenable.sc Director by importing user accounts from your SAML identity provider. When user provisioning is enabled, users who log into your SAML identity provider are automatically created in Tenable.sc Director. For more information about SAML authentication in Tenable.sc, see SAML Authentication.

If you enable user provisioning and a user who does not have a Tenable.sc Director user account logs in using your SAML identity provider, Tenable.sc Director automatically creates a user account for them in Tenable.sc Director.

Tenable.sc Director creates users using data from attribute fields you map to the corresponding fields in your SAML identity provider. If you enable User Data Sync, each time a user logs into Tenable.sc Director using your SAML identity provider, Tenable.sc Director updates any mapped attribute fields in Tenable.sc Director with values from the fields in your SAML identity provider. For more information about User Data Sync, see SAML Authentication Options.

Note: If you want to edit a Tenable.sc user that was created via SAML user provisioning and you enabled User Data Sync, edit the user in your SAML identity provider. Otherwise, the Tenable.sc user data sync overwrites your changes the next time the user logs in to Tenable.sc using your SAML identity provider.

Note: If you want to delete a Tenable.sc user that was created via SAML user provisioning, delete the user from your SAML identity provider. If you delete a user in Tenable.sc that was created via SAML user provisioning without deleting the user in your SAML identity provider, Tenable.sc automatically re-creates the user in Tenable.sc the next time they log in using your SAML identity provider.

For more information, Configure SAML User Provisioning.