In this article:
Use this guidance to provide SecurityScorecard-related information needed for configuring the security assertion markup language (SAML) single sign-on (SSO) integrations.
Note: SecurityScorecard does not support SAML single logout (SLO).
Access your SSO configuration
- In SecurityScorecard, click your profile avatar in the top-right corner, and select My Settings.
- In the Admin settings, select Single Sign-On (SSO).
- Follow the steps in the configuration wizard.
SecurityScorecard inputs for your SAML provider
|
Metadata URL |
https://platform-api.securityscorecard.io/v1/saml/metadata/service-provider |
|
Assertion Consumer Service, sometimes referred to as Single sign on URL (Okta) |
https://platform-api.securityscorecard.io/v1/saml/responses (HTTP-POST) |
|
Entity ID, sometimes referred to as Audience URI (SP Entity ID) (Okta) |
https://platform-api.securityscorecard.io/saml2/service-provider |
Note: Okta is only listed as an example. This configuration applies to all identity providers.
The XML that is exported from the IdP and then imported into SAML Configuration Wizard are:
- Identify provider issuer URI (entityID)
- Identity provider single sign-on URL (SingleSignOnService)
- Identity provider certificate
Additional information
|
SAML version |
2.0 |
|
SSO type |
IdP initiated |
|
Request signature algorithm |
SHA-1 or SHA-256 |
|
Request signing |
Optional |
|
Request binding |
HTTP Redirect or HTTP POST |
|
Response signature |
Required |
|
Request/response encryption |
Not supported |
|
NameID |
User’s email Required |
|
firstName and lastName |
Optional |