Edit a SAML Configuration

Required User Role: Administrator

You can edit a SAML configuration on the SAML page.

To edit a SAML configuration:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the SAML tile.

    The SAML page appears.

  4. In the SAML table, click the SAML configuration that you want to edit.

    The SAML Settings page appears.

  5. (Optional) In the first drop-down box, select a different method to provide basic configuration details.

    • Import XML — Configure SAML authentication by uploading the metadata file your IdP provided, as described in Add a New SAML Configuration.

    • Manual Entry — Configure SAML authentication by manually configuring SAML options using data from the metadata.xml file your IdP provided, as described in Add a New SAML Configuration.

      Tenable Vulnerability Management updates the configuration options based on your selected source.

  6. Update any of the configurable SAML settings described in the following table.

    Note: Some settings are read-only and cannot be modified.

    Note: The configuration options you can update depend on the source you select in the first drop-down box.

    Settings | Source | Description
    ---------|--------|------------
    Enabled toggle | Manual Entry | Indicates whether the SAML configuration is enabled or disabled. By default, the Enable setting is set to Enabled. In the upper-right corner, click the toggle to disable SAML configuration.
    Type | Manual Entry, Import XML | Specifies the type of identity provider you are using. Tenable Vulnerability Management supports SAML 2.0 identity providers (for example, Okta and OneLogin).
    UUID | Manual Entry, Import XML | A unique identifier for your identity provider that Tenable Vulnerability Management automatically generates when you create a new SAML configuration. This box is read-only.
    URL | Manual Entry, Import XML | The login URL that Tenable Vulnerability Management generates when you create a configuration. This box is read-only.
    Entity ID | Manual Entry, Import XML | A unique identifier that Tenable Vulnerability Management generates when you create a configuration. This box is read-only.
    Created | Manual Entry, Import XML | The time and date on which an administrator user created the configuration. This box is read-only.
    Last Updated | Manual Entry, Import XML | The time and date on which an administrator user last updated the configuration. This box is read-only.
    Description | Manual Entry | A description for the SAML configuration.
    IdP Entity ID | Manual Entry | Your identity provider's unique entity ID. Note: If you want to configure multiple IdPs for a user account, create a new configuration for each identity provider, with separate identity provider URLs, entity IDs, and signing certificates.
    IdP URL | Manual Entry | The SAML URL for your identity provider.
    Certificate | Manual Entry | Your identity provider's security certificate or certificates. Note: Security certificates are found in a metadata.xml file that your identity provider provides. You can copy the content of the file and paste it in the Certificate box.
    User Autoprovisioning Enabled | Manual Entry | A toggle that indicates whether automatic user account creation is enabled or disabled.
    IdP Assigns User Role at Provisioning | Manual Entry | To assign a user role during provisioning, enable this toggle. In your SAML identity provider, add an attribute statement with userRoleUuid as the attribute name and the user role UUID as the attribute value. To obtain the UUID for a user role, go to Settings > Access Control > Roles.
    IdP Resets User Role at Each Login | Manual Entry | To assign a role each time a user logs in, overwriting the current role with the one chosen in your IdP, enable this toggle. In your SAML identity provider, add an attribute statement with userRoleUuid as the attribute name and the user role UUID as the attribute value. To obtain the UUID for a user role, go to Settings > Access Control > Roles.
    Group Management Enabled | Manual Entry | Enable this toggle to allow the SAML configuration to manage user groups. You must enable this toggle for the Managed by SAML user group option to function successfully. For more information about this option, see Create a Group.
    Import | Import XML | A metadata.xml file from your identity provider that contains one or more SAML certificates. To import a new metadata.xml file from your identity provider: (1) Under Import, click Add File. A file explorer window appears. (2) Select the metadata.xml file. The metadata.xml file is uploaded. Note: If your metadata.xml file contains multiple certificates, only the first one appears in the Certificate column for the configuration on the SAML page.

  7. Click Save.

    Tenable Vulnerability Management saves the configuration.

    The SAML page appears with the updated configuration.