# Setting up SSO with the NetSPI Platform

The instructions below are examples of setting up SSO with specific identity and access management vendors. If you have a vendor that is not listed below, please contact NetSPI support to put in a documentation request.

# Generic SSO setup instructions

SAML 2.0 authentication from all major identity providers (IdPs) is accepted.

  1. Use the general instructions below to add a new application in your IdP and provide the following configurations:
    • Single Sign On URL:
      1. SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      2. IDP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
    • Audience: https://platform.netspi.ai/auth/realms/netspi
    • Name ID Format: Email Address
    • Attribute Statements:
      1. firstname: user.firstname
      2. lastname: user.lastname
      3. email: user.email
  2. Export the IdP metadata file and send it to your NetSPI Client Delivery Manager (CDM) to import.
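
One way to check an assertion captured from a test login against the generic settings above (an added example, not NetSPI code). The function name, the exact-match comparison of attribute names, and the sample assertion are assumptions constructed here; it checks configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://platform.netspi.ai/auth/realms/netspi"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"firstname", "lastname", "email"}


def check_assertion(xml_text):
    """Return a list of mismatches against the generic settings on this page."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response that wraps one.
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    audiences = {(a.text or "").strip() for a in assertion.iterfind(".//saml:Audience", NS)}
    if AUDIENCE not in audiences:
        problems.append(f"Audience is {sorted(audiences)}, expected {AUDIENCE}")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("Subject has no NameID")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')}")
    sent = {a.get("Name") for a in assertion.iterfind(".//saml:Attribute", NS)}
    missing = REQUIRED_ATTRS - sent
    if missing:
        problems.append(f"missing attributes: {sorted(missing)}")
    return problems


# Constructed sample: wrong NameID format, and "firstName" cased differently from the page.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://platform.netspi.ai/auth/realms/netspi</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"/><saml:Attribute Name="lastname"/><saml:Attribute Name="email"/>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print("MISMATCH:", problem)
```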

# Okta SSO

  1. Add an Okta SAML application.
    Use the following information when adding your Okta SAML application:

    • Callback URL:
      1. SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      2. IDP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
    • Audience URI (SP Entity ID): https://platform.netspi.ai/auth/realms/netspi
    • Audience Restriction: https://platform.netspi.ai/auth/realms/netspi
    • Default Relay State: blank
    • Name ID Format: EmailAddress
    • Application Username: Okta Username
    • Attribute Statements
      1. firstname: user.firstname
      2. lastname: user.lastname
      3. email: user.email
  2. Complete and finish the Okta SAML application creation.
  3. Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.

# Microsoft Entra ID SSO

  1. Within Entra ID, add an Enterprise Application.
  2. Go to Set up single sign on with SAML.
    Use the information below as you set up the Entra ID SAML SSO:

    • Identifier (Entity ID): https://platform.netspi.ai/auth/realms/netspi
    • Reply URL (Assertion Consumer Service URL):
      • SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      • IDP Initiated:
        1. https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated (default checkbox checked)
        2. https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
    • User Attributes & Claims: Entra default attributes are acceptable
  3. Download the Federation Metadata XML by selecting Download on the application.
  4. Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.

# Google Workspace SSO

  1. Within admin.google.com, navigate to Apps -> Web and Mobile Apps.
  2. Add App -> Add custom SAML app.
    • App name -> Relevant application name (NetSPI Platform)
    • Description -> Login to NetSPI Platform
  3. Use the following for the service provider details:

    • ACS URL:
      1. SP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
      2. IDP Initiated: https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
    • Entity ID: https://platform.netspi.ai/auth/realms/netspi
    • Name ID format: EMAIL
    • Name ID: Basic Information -> Primary email
  4. Use the following guide to add the attributes:
    • Primary email -> email
    • First name -> firstname
    • Last name -> lastname
    • Phone number -> phone
  5. Click on DOWNLOAD METADATA and send the downloaded XML file to your NetSPI Client Delivery Manager (CDM) to import.