Before you configure an authentication profile, ensure that you have successfully integrated an application with the selected third-party IdP using the protocol of your choice. The following are prerequisites for configuring access authentication: 

  • You must successfully create an application for the authentication protocol in the respective third-party IdP that you plan to integrate with BloxOne Threat Defense Cloud. For information about how to set up applications for different IdPs, refer to the respective vendor documentation.
  • Ensure that you have properly configured group and claim attributes for the respective application in the IdP. For SAML, the SAML 2.0 assertion must contain the "groups" attribute. For OpenID Connect, the ID Token must contain the "groups" claim. You can also use an optional claim that matches the ".*email" regex to display the username in the security reports.
  • Copy all the Service Provider details in the Create Authentication Profile dialog of the Cloud Services Portal. From the Cloud Services Portal, click Administration -> Access Authentication -> Add Configuration. Depending on the protocol you have chosen, copy the Entry ID and Assertion Consumer Service URL for SAML, or the Login Redirect URI for OpenID Connect. You can also download the metadata file for SAML to get all the required information. You need this information to create an application in the IdP.
  • From the IdP application, obtain the identity provider details, so you can enter the information to successfully create an authentication profile in BloxOne. For SAML, obtain the Issuer, SSO URL, and Signing Certificate from the SAML application of your IdP. You can also use the metadata URL to get all the information in the XML file. For OpenID Connect, obtain the Client ID, Client Secret, and Issuer information from the OpenID Connect application.
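The following added example (not part of the vendor documentation) is a pre-flight check for the group and claim prerequisite: it reads an ID Token or a SAML 2.0 assertion captured from a test login and reports the "groups" values and any claim names matching ".*email". The function names and sample values are constructed for illustration, the regex is assumed to be applied as a full match on the claim name, and the token signature is not verified.

```python
import base64, json, re
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL_RE = re.compile(r".*email")  # regex from the prerequisite; full match is assumed

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_id_token(jwt):
    """Inspect ID Token claims only; the signature is NOT verified here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    claims = _b64url_json(parts[1])
    groups = claims.get("groups") or []
    if isinstance(groups, str):  # tolerate a single group given as a string
        groups = [groups]
    return {"groups": list(groups),
            "email_claims": sorted(k for k in claims if EMAIL_RE.fullmatch(k))}

def check_saml_assertion(xml_text):
    """Collect 'groups' values and email-like attribute names (trusted test captures only)."""
    groups, email_attrs = [], []
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML}}}Attribute"):
        name = attr.get("Name", "")
        if name == "groups":
            groups += [v.text or "" for v in attr.iter(f"{{{SAML}}}AttributeValue")]
        elif EMAIL_RE.fullmatch(name):
            email_attrs.append(name)
    return {"groups": groups, "email_claims": sorted(email_attrs)}

def _unsigned_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

# Constructed sample inputs (not captured from any real IdP).
SAMPLE_TOKEN = _unsigned_token({"sub": "u1", "groups": ["btd-admins"], "email": "a@example.com"})
SAMPLE_TOKEN_NO_GROUPS = _unsigned_token({"sub": "u2", "preferred_username": "bob"})
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}"><saml:AttributeStatement>
<saml:Attribute Name="groups"><saml:AttributeValue>btd-admins</saml:AttributeValue>
<saml:AttributeValue>btd-users</saml:AttributeValue></saml:Attribute><saml:Attribute Name="user.email">
<saml:AttributeValue>a@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>"""
if __name__ == "__main__":
    for r in (check_id_token(SAMPLE_TOKEN), check_id_token(SAMPLE_TOKEN_NO_GROUPS), check_saml_assertion(SAMPLE_ASSERTION)):
        print("OK" if r["groups"] else "MISSING groups", r)
```

An empty "groups" list in the result means the IdP application is not yet releasing the attribute or claim that the authentication profile requires.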

See the following for a list of required parameters for each supported third-party IdP and protocol: