Configure SAML User Provisioning

Required User Role: Administrator

You can enable user provisioning to automatically create SAML-authenticated users in Tenable.sc Director by importing user accounts from your SAML identity provider. When user provisioning is enabled, users who log into your SAML identity provider are automatically created in Tenable.sc Director. For more information, see SAML User Provisioning.

To manually create SAML-authenticated users in Tenable.sc Director, see Add a SAML-Authenticated User.

For more information about user account configuration options, see SAML User Account Options.

Before you begin:

To import SAML-authenticated user accounts from your SAML identity provider:

  1. Log in to Tenable.sc Director via the user interface.

  2. In the top navigation bar, click System > Configuration.

    The Configuration page appears.

  3. Click the SAML button.

    The SAML Configuration page appears.

  4. In the SAML Settings section, click the toggle to enable User Provisioning.
  5. (Optional) To automatically update contact information for imported SAML-authenticated users, click the User Data Sync toggle. For more information about User Data Sync, see SAML Authentication Options.

  6. Click Submit.

    Tenable.sc Director saves your configuration.

What to do next:

  • In your SAML identity provider, map the required Tenable.sc user attribute fields to the corresponding fields for users in your identity provider: Organization ID, Group ID, and Role ID.

    Note: Tenable.sc Director uses the fields listed in the Attribute Mapping section to create and update users in Tenable.sc Director. Any Tenable fields that you map to corresponding fields in your SAML identity provider populate when Tenable.sc Director imports SAML users into Tenable.sc Director. If you enable User Data Sync, each time a user logs into Tenable.sc Director using your SAML identity provider, Tenable.sc Director updates any mapped attribute fields in Tenable.sc Director with values from the corresponding fields in your SAML identity provider.