# Setting up SSO with the NetSPI Platform

The instructions below are examples of setting up SSO with specific identity and access management vendors. If your vendor is not listed below, please contact NetSPI support to submit a documentation request. These instructions are for setting up an SP configuration. Please reach out to NetSPI if an IdP configuration is needed.

# Generic SSO setup instructions

SAML 2.0 authentication from all major identity providers (IdPs) is accepted.

  1. Use the general instructions below to add a new application in your IdP and provide the following configurations:
    • Single Sign On URL: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
    • Audience: https://platform.netspi.ai/auth/realms/netspi
    • Name ID Format: Email Address
    • Identifier (Entity ID): https://platform.netspi.ai/auth/realm/netspi/
    • Attribute Statements:
      • firstname: user.firstname
      • lastname: user.lastname
      • email: user.email
  2. Export the IdP metadata file and send it to your NetSPI Client Delivery Manager (CDM) to import.
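
A check you can run on a test login before sending the metadata, as an added example (not NetSPI's code): it parses a base64-decoded SAML response captured from your own IdP and reports where it departs from the generic settings above. The sample response, the client id `example-client`, and the function names are constructed for illustration; signature validation is out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Expected values, copied from the generic instructions on this page.
ACS_PREFIX = "https://platform.netspi.ai/auth/realms/netspi/broker/"
# The page lists an Audience and an Identifier (Entity ID); either is accepted here.
AUDIENCES = {"https://platform.netspi.ai/auth/realms/netspi",
             "https://platform.netspi.ai/auth/realm/netspi/"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("email", "firstname", "lastname")

def check_response(xml_text):
    """List mismatches between a decoded SAML response and the SP settings."""
    root = ET.fromstring(xml_text)
    problems = []
    dest = root.get("Destination", "")
    if not (dest.startswith(ACS_PREFIX) and dest.endswith("/endpoint")):
        problems.append("Destination is not the broker endpoint")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    sent_aud = {(e.text or "").strip()
                for e in root.iterfind(".//a:AudienceRestriction/a:Audience", NS)}
    if not sent_aud & AUDIENCES:
        problems.append("Audience is not one of the values on this page")
    # Attribute names are compared exactly as the page spells them.
    sent = {e.get("Name"): (e.findtext("a:AttributeValue", "", NS) or "").strip()
            for e in root.iterfind(".//a:AttributeStatement/a:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not sent.get(name):
            problems.append("attribute missing or empty: " + name)
    return problems

def sample(audience="https://platform.netspi.ai/auth/realms/netspi", first_attr="firstname"):
    """Constructed, unsigned test response; example-client is a placeholder client id."""
    attrs = "".join(
        '<a:Attribute Name="%s"><a:AttributeValue>%s</a:AttributeValue></a:Attribute>' % kv
        for kv in [(first_attr, "Ada"), ("lastname", "Lovelace"), ("email", "ada@example.com")])
    return ('<p:Response xmlns:p="%s" xmlns:a="%s" Destination="%sexample-client/endpoint">'
            '<a:Assertion><a:Subject><a:NameID Format="%s">ada@example.com</a:NameID></a:Subject>'
            '<a:Conditions><a:AudienceRestriction><a:Audience>%s</a:Audience>'
            '</a:AudienceRestriction></a:Conditions>'
            '<a:AttributeStatement>%s</a:AttributeStatement></a:Assertion></p:Response>'
            % (NS["p"], NS["a"], ACS_PREFIX, EMAIL_FORMAT, audience, attrs))

if __name__ == "__main__":
    print(check_response(sample()))  # matching response
    print(check_response(sample("https://sp.example.com/saml", "givenname")))  # two mismatches
```

The second call models a claim left under a name other than `firstname`, which the check reports as a missing attribute.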

# Okta SSO

  1. Add an Okta SAML application.
    Use the following information when adding your Okta SAML application:
    • Callback URL: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
    • Audience URI (SP Entity ID): https://platform.netspi.ai/auth/realm/netspi/
    • Audience Restriction: https://platform.netspi.ai/auth/realms/netspi
    • Default Relay State: blank
    • Name ID Format: EmailAddress
    • Application Username: Okta Username
    • Attribute Statements:
      • firstname: user.firstname
      • lastname: user.lastname
      • email: user.email
  2. Complete and finish the Okta SAML application creation.
  3. Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.

# Microsoft Entra ID SSO

  1. Within Entra ID, add an Enterprise Application.
  2. Go to Set up single sign on with SAML.
    Use the information below as you set up the Entra ID SAML SSO:
    • Identifier (Entity ID): https://platform.netspi.ai/auth/realm/netspi/
    • Reply URL (Assertion Consumer Service URL): https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
    • User Attributes & Claims:
      • lastname: user.surname
      • firstname: user.givenname
      • email: user.othermail (or user.mail)
      • name: user.othermail, user.userprincipalname, or user.mail
      • Unique User Identifier: user.othermail (or user.mail)
  3. Download the Federation Metadata XML by selecting Download on the application.
  4. Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.

# Google Workspace SSO

  1. Within admin.google.com, navigate to Apps -> Web and Mobile Apps.
  2. Add App -> Add custom SAML app.
    • App name -> Relevant application name (NetSPI Platform)
    • Description -> Login to NetSPI Platform
    • App icon: NetSPI logo
  3. Use the following for the service provider details:
    • ACS URL: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
    • Entity ID: https://platform.netspi.ai/auth/realm/netspi/
    • Name ID format: EMAIL
    • Name ID: Basic Information -> Primary email
  4. Use the following guide to add the attributes:
    • Primary email -> email
    • First name -> firstname
    • Last name -> lastname
    • Phone number -> phone
  5. Click on DOWNLOAD METADATA and send the downloaded XML file to your NetSPI Client Delivery Manager (CDM) to import.