#
Setting up SSO with the NetSPI Platform
The instructions below are examples of setting up SSO with specific identity and access management vendors. If you have a vendor that is not listed below, please contact NetSPI support to put in a documentation request.
The <client id> reference in the instructions below refers to your specific ID. To obtain your <client id>, contact your NetSPI CDM or view it in the following URL:
https://platform.netspi.ai/home?
This will resolve to include your <client id> as in the example below where 1 is the example ID:
https://platform.netspi.ai/home?c=1
#
Generic SSO setup instructions
SAML2.0 authentication from all major identify providers (IDPs) is accepted.
- Use the general instructions below to add a new application in your IdP and provide the following configurations:
- Single Sign On URL:
- SP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint - IDP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
- SP Initiated:
- Audience:
https://platform.netspi.ai/auth/realms/netspi - Name ID Format:
Email Address - Attribute Statements:
- firstname:
user.firstname - lastname:
user.lastname - email:
user.email
- firstname:
- Single Sign On URL:
- Export the IdP metadata file and send it to your NetSPI Client Delivery Manager (CDM) to import.
#
Okta SSO
Add an Okta SAML application.
Use the following information when adding your OTKA SAML application:- Callback URL:
- SP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint - IDP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
- SP Initiated:
- Audience URI (SP Entity ID):
https://platform.netspi.ai/auth/realms/netspi - Audience Restriction:
https://platform.netspi.ai/auth/realms/netspi - Default Relay State: blank
- Name ID Format:
EmailAddress - Application Username:
Okta Username - Attribute Statements
- firstname:
user.firstname - lastname:
user.lastname - email:
user.email
- firstname:
- Callback URL:
- Complete and finish the Okta SAML application creation.
- Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.
#
Microsoft Entra ID SSO
- Within Entra ID -> add an Enterprise Application.
Go to Set up single sign on with SAML.
Use the information below as you set up the Entra ID SAML SSO:- Identifier (Entity ID):
https://platform.netspi.ai/auth/realms/netspi
- Reply URL (Assertion Consumer Service URL):
- SP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint - IDP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated(default checkbox checked)https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint
- SP Initiated:
- User Attributes & Claims: Entra default attributes are acceptable
- Identifier (Entity ID):
- Download the Federation Metadata XML by selecting Download on the application.
- Send the metadata file to your NetSPI Client Delivery Manager (CDM) to import.
#
Google Workspaces SSO
- Within admin.google.com, navigate to Apps -> Web and Mobile Apps.
- Add App -> Add custom SAML app.
- App name -> Relevant application name (NetSPI Platform)
- Description -> Login to NetSPI Platform
Use the following for the service provider details:
- ACS URL:
- SP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint - IDP Initiated:
https://platform.netspi.ai/auth/realms/netspi/broker/<client id>/endpoint/clients/saml_idp_initiated
- SP Initiated:
- Entity ID:
https://platform.netspi.ai/auth/realms/netspi - Name ID format:
EMAIL - Name ID: Basic Information -> Primary email
- ACS URL:
- Use the following guide to add the attributes:
- Primary email ->
email - First name ->
firstname - Last name ->
lastname - Phone number ->
phone
- Primary email ->
- Click on DOWNLOAD METADATA and send the downloaded XML file to your NetSPI Client Delivery Manager (CDM) to import.