SAML

You can configure Tenable Vulnerability Management to accept credentials from your SAML identity provider (for example, Okta). This allows for an additional layer of security, where the SAML credentials are certified for use within Tenable Vulnerability Management. Once you enable SAML for a user, they can log in to Tenable Vulnerability Management directly through their identity provider, which automatically signs them in and redirects them to the Tenable Vulnerability Management landing page.

On the SAML page, you can view and manage your SAML credentials. You can also enable, disable, and add new configurations for users within your Tenable Vulnerability Management instance.

Tip: Review the Tenable SAML Configuration Quick-Reference guide for a step-by-step guide of how to configure SAML for use with Tenable Vulnerability Management.

Note: Tenable Vulnerability Management supports SAML 2.0 configurations.

Note: Once SAML is configured for a user, they must log in using the IdP Tile or the URL provided in the SP metadata file (for example, cloud.tenable.com/SAML/XXXXXX) and log back out before they can access the Sign in via SSO link on the Tenable Vulnerability Management login page.
Important: Because Tenable Vulnerability Management cannot accept private keys to decrypt SAML assertions, Tenable Vulnerability Management does not support SAML assertion encryption. If you want to configure SAML authentication in Tenable Vulnerability Management, choose an identity provider that does not require assertion encryption and confirm that assertion encryption is not enabled.

SAML Details

On the SAML page, you can view a table that includes the following details about your SAML configurations:

Column Description
UUID The UUID that Tenable Vulnerability Management automatically generates when you create a new SAML configuration.
Description

A description for the SAML configuration.

Last Login

The date and time on which a user on your instance last successfully logged in via the SAML configuration.

Note: The Last Login column shows a value only if Tenable Vulnerability Management has login data for the SAML identity provider.
Last Attempted Login

The date and time on which a user on your instance last attempted to log in via the SAML configuration.

Note: The Last Attempted Login column shows a value only if Tenable Vulnerability Management has attempted login data for the SAML identity provider.
Certificate

The certificate for the SAML configuration.

In the certificate column, you can complete the following tasks.

  • Click the button to copy the certificate to your clipboard.

  • Hover over the button to view the certificate expiration date.

    Note: Your identity provider determines the expiration date for your certificate.
Actions

An interactive column from which you can download the metadata.xml file that contains one or more security certificates for the configuration.

To download the metadata.xml file:

  1. In the Actions column for the configuration from which you want to download a metadata.xml file, click the button.

    An options menu appears.

  2. In the menu, click Download SP Metadata.

    Tenable Vulnerability Management downloads the metadata.xml file to your computer.

For more information, see the following topics: