# Setting up IdP-initiated SSO
If your organization prefers to set up IdP (identity provider) initiated SSO (single sign-on), these instructions are for you.
The default NetSPI Platform login is an individual user login and password along with MFA (multi-factor authentication). See "Setup your NetSPI Platform account" for those instructions.
To set up IdP-initiated SSO for the NetSPI Platform and your organization:
Contact your NetSPI Client Delivery Manager to request initiation of the IdP SSO setup for your organization. They will manage the creation of your IdP SSO account. They will then need information provided by you after you take the following steps.
Using Okta, create a new application.
Use the following values for the new application for the NetSPI Platform:
Okta and most IdPs
Single Sign-On URL:
If you have an SP configuration, you need to use the SP endpoint.
SP =
https://platform.netspi.ai/auth/realms/netspi/broker/<CLIENT ID>/endpoint
Log in using:
https://platform.netspi.ai
If you have an IdP configuration, you need to use the IDP/SP endpoint:
IDP/SP =
https://platform.netspi.ai/auth/realms/netspi/broker/<CLIENT ID>/endpoint/clients/saml_idp_initiated
Log in using the tile in your SSO page.
MS Azure
Identifier (Entity ID):
If you have an SP configuration, you need to use the SP endpoint.
SP =
https://platform.netspi.ai/auth/realms/netspi/broker/<CLIENT ID>/endpoint
Log in using:
https://platform.netspi.ai
If you have an IdP configuration, you need to use the IDP/SP endpoint:
IDP/SP =
https://platform.netspi.ai/auth/realms/netspi/broker/<CLIENT ID>/endpoint/clients/saml_idp_initiated
Log in using the tile in your SSO page.
Audience URL:
https://platform.netspi.ai/auth/realms/netspi
Name Id Format:
EmailAddress
Application username:
Email
Update Application username on:
Create and Update
Ensure attribute statements are added as follows for first name, last name and email:
Once you've created the above application and configured the details, contact your NetSPI Client Delivery Manager to request the best way to convey the metadata URL from the “Sign On” tab that is needed to complete the IdP-initiated SSO setup.
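Before sending the metadata, you can compare a SAML response captured from a test login against the values configured above. The following Python check is an added example, not part of NetSPI's documentation or tooling. It assumes the IdP sets the response `Destination` to the Single Sign-On URL, uses a constructed client ID (`example-client`) and a constructed unsigned sample response, and checks configuration values only, not the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REALM = "https://platform.netspi.ai/auth/realms/netspi"  # Audience URL from this page
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def expected_destination(client_id, idp_config=True):
    """Single Sign-On URL from this page; assumed to be the response Destination."""
    url = f"{REALM}/broker/{client_id}/endpoint"
    return url + "/clients/saml_idp_initiated" if idp_config else url

def check_response(b64_response, client_id, idp_config=True):
    """Return a list of mismatches between a SAML Response and the values above."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["response carries a DTD; refusing to parse it"]
    root = ET.fromstring(raw)
    problems = []
    want = expected_destination(client_id, idp_config)
    if root.get("Destination") != want:
        problems.append(f"Destination {root.get('Destination')!r} != {want!r}")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if REALM not in audiences:
        problems.append(f"Audience {audiences} lacks {REALM!r}")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("assertion has no NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    return problems

def sample_response(destination, audience, name_format, name_id):
    """Constructed, unsigned SAML Response for trying the check offline."""
    xml = (
        '<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:a="{NS["a"]}" Destination="{destination}"><a:Assertion>'
        f'<a:Subject><a:NameID Format="{name_format}">{name_id}</a:NameID></a:Subject>'
        f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
        '</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>'
    )
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    cid = "example-client"  # constructed placeholder for <CLIENT ID>
    good = sample_response(expected_destination(cid), REALM, EMAIL_FORMAT, "user@example.com")
    print(check_response(good, cid) or "matches the configured values")
```

Pass `idp_config=False` when the application uses the SP endpoint instead of the IDP/SP endpoint.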