Azure SSO for SAML authentication

Hello all,

I have a duplicate post in another SAML thread, but wanted to make one focused on Azure SSO. Who has successfully implemented Azure SSO with SAML between your Nexpose Security Console and the Insight Platform?

If the answer is yes, what steps did you take to get this to work? My hope is to get this set up to minimize issues when I start provisioning accounts for system owners to leverage vulnerability management as a service. This will empower them to manage and track risk / vulnerabilities.

Steps that I have currently taken:

Azure SSO is working with the Insight Platform: no issues here.

Nexpose console:

  • SAML authentication source has the IdP metadata attached
  • Entity ID has been pasted into Base Entity ID, and the console has been restarted (I believe that is what it was asking)

All accounts inside of Nexpose on-prem are using AD/LDAP to auth to the Security Console. Do separate accounts need to be created with SAML as the auth source, since you can't edit accounts once created?

Thanks in advance for any advice or suggestions you may have.

Cheers,
Jake

Hey Jake, I know it can be done; at my org we have both IDR and MDR going through Azure SSO.
So each day I sign into office.com, then select Rapid7, then MFA. I believe this is all via an “external identity provider”.

1 Like

We have Azure SSO using both the Insight Platform and direct to Nexpose.
The one gotcha that I remember is that the UPN is case sensitive, along with email.
So I had to use the UPN the way Azure says it and the email the way Azure says it; display name was the only one I had flexibility with.

1 Like

One thing that I have noticed is that the identity engineer I am working with sees that we have a successful login via the IdP.

Questions I still have:

  • Did you create the user accounts to use SAML as the authenticator, or are you able to use AD/LDAP still?
    • Are usernames and emails case sensitive to the UPN exactly as it is listed in Azure?

As I mentioned before, we have a successful IdP login, but when signing in it never redirects to Azure and immediately fails, mentioning that there are invalid credentials. We’ve determined that we have the right Base Entity URL, but it seems not to like something right off the bat if it's not redirecting back to Azure to perform the SAML exchange?

Thoughts on this?

I created the user with SAML as the authentication source; I couldn’t reuse the existing LDAP ones.

Yes, I thought this was weird, but both username and mail had to match Azure.

1 Like
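A quick way to check the case-matching gotcha that two replies in this thread report (UPN and email on the console user had to match Azure exactly). This is an added example, not code from the thread, from Rapid7, or from Microsoft. It parses a constructed SAML 2.0 response with Python's standard library, pulls out the NameID and the default Azure AD UPN/email claims, and compares them byte for byte against the values stored on the console user record, flagging mismatches that differ only in letter case. The user values, tenant ID and issuer are invented placeholders; the shape of the console user record (a dict with `username` and `email`) is an assumption for illustration, not the Nexpose data model.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Default claim URIs Azure AD emits for user.userprincipalname and user.mail.
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample: a minimal, unsigned SAML response carrying the two claims
# above.  User values, tenant ID and issuer are invented placeholders; a real
# response would also carry a Signature, Conditions and AuthnStatement.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">JSmith@Example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>JSmith@Example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>Jake.Smith@Example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_identity(saml_xml: str) -> dict:
    """Return the NameID plus the UPN and email claim values from a SAML response."""
    root = ET.fromstring(saml_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values[0] if values else ""
    return {
        "name_id": name_id.text if name_id is not None else "",
        "upn": attrs.get(UPN_CLAIM, ""),
        "email": attrs.get(EMAIL_CLAIM, ""),
    }


def compare_to_console_user(identity: dict, console_user: dict) -> list:
    """
    Compare the asserted identity with the console user record byte for byte
    (the thread reports the console treats both username and email as
    case sensitive).  Each mismatch notes whether case is the only difference,
    which is the symptom the thread describes.
    """
    mismatches = []
    checks = (("username", identity["name_id"]), ("email", identity["email"]))
    for field, asserted in checks:
        stored = console_user.get(field, "")
        if asserted != stored:
            mismatches.append({
                "field": field,
                "asserted": asserted,
                "stored": stored,
                "case_only": asserted.lower() == stored.lower(),
            })
    return mismatches


if __name__ == "__main__":
    identity = extract_identity(SAMPLE_RESPONSE)
    # Hypothetical console record typed in lower case: fails the exact match.
    console_user = {"username": "jsmith@example.com", "email": "jake.smith@example.com"}
    for m in compare_to_console_user(identity, console_user):
        hint = "differs only in case" if m["case_only"] else "different value"
        print(f"{m['field']}: IdP sent {m['asserted']!r}, console has {m['stored']!r} ({hint})")
```

To use it against a real login, replace the constructed sample with the decoded SAML response captured from the browser during the failed sign-in and the console user's stored username and email; a `case_only` mismatch points at the exact-case requirement the replies above describe rather than at the IdP configuration.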