# Setting up SSO with the NetSPI Platform

The instructions below are examples of setting up SSO with specific identity and access management vendors. If you have a vendor that is not listed below, please contact NetSPI support to put in a documentation request.

# Generic SSO setup instructions

SAML 2.0 authentication from all major identity providers (IdPs) is accepted.

  1. Use the general instructions below to add a new application in your IdP and provide the following configurations:
    • Single Sign On URL:
      1. SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      2. IDP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
    • Audience: https://platform.netspi.ai/auth/realms/netspi
    • Name ID Format: Email Address
    • Attribute Statements:
      1. firstname: user.firstname
      2. lastname: user.lastname
      3. email: user.email
  2. Export the IdP metadata file and send it to your NetSPI Client Delivery Manager (CDM) to import.

# Okta SSO

  1. Add an Okta SAML application.
    Use the following information when adding your Okta SAML application:
    • Callback URL:
      1. SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      2. IDP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
    • Audience URI (SP Entity ID): https://platform.netspi.ai/auth/realm/netspi/
    • Audience Restriction: https://platform.netspi.ai/auth/realms/netspi
    • Default Relay State: blank
    • Name ID Format: EmailAddress
    • Application Username: Okta Username
    • Attribute Statements:
      1. firstname: user.firstname
      2. lastname: user.lastname
      3. email: user.email
  2. Complete and finish the Okta SAML application creation.
  3. Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.

# Microsoft Entra ID SSO

  1. Within Entra ID, add an Enterprise Application.
  2. Go to Set up single sign on with SAML.
    Use the information below as you set up the Entra ID SAML SSO:
    • Identifier (Entity ID): https://platform.netspi.ai/auth/realms/netspi/
    • Reply URL (Assertion Consumer Service URL):
      • SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      • IDP Initiated:
        1. https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated (default checkbox checked)
        2. https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
    • User Attributes & Claims:
      • lastname: user.surname
      • firstname: user.givenname
      • email: user.mail
      • name: user.userprincipalname
      • Unique User Identifier: user.userprincipalname
  3. Download the Federation Metadata XML by selecting Download on the application.
  4. Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.

# Google Workspace SSO

  1. Within admin.google.com, navigate to Apps -> Web and Mobile Apps.
  2. Add App -> Add custom SAML app.
    • App name -> Relevant application name (NetSPI Platform)
    • Description -> Login to NetSPI Platform
  3. Use the following for the service provider details:
    • ACS URL:
      1. SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      2. IDP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
    • Entity ID: https://platform.netspi.ai/auth/realms/netspi/
    • Name ID format: EMAIL
    • Name ID: Basic Information -> Primary email
  4. Use the following guide to add the attributes:
    • Primary email -> email
    • First name -> firstname
    • Last name -> lastname
    • Phone number -> phone
  5. Click on DOWNLOAD METADATA and send the downloaded XML file to your NetSPI Client Delivery Manager (CDM) to import.