Infosec Accounts Single Sign-on

Infosec IQ supports two different methods of Single Sign-on: SAML or OpenID Connect. Navigate to Learners > Learner Authentication (SSO) to get to the configuration.

2023-10-30 11_31_52-Infosec IQ_ Initech Dashboard — Mozilla Firefox.png1349×587 58.5 KB

You’ll need the security to access the organization tab in Accounts. If you do not see this tab, please submit a support ticket using the ? button in the lower-right corner of the main platform.

image.png1351×495 23.2 KB

SAML

The SAML option allows users to authenticate through a SAML 2.0 compliant identity provider (IdP).

Note: If you had a SAML SSO connection set up before the rollout of Infosec Accounts, a message will be shown in your profile indicating that you’re using an imported configuration for Single Sign-on:

image.png1172×155 7.91 KB

Your existing SAML configuration will continue to work for authentication, but it is recommended that the configuration be updated and the imported configuration removed.

Follow these steps to create a SAML configuration:

1. Click Create on the message shown in the screenshot above.
2. The Setup single sign-on pane will open on the right.
   
   

   image.png519×877 41.1 KB
3. Click Save on the bottom right in order to generate your URLs.
4. Click Show details to see the SAML information. Enter the Infosec IQ Entity ID and ACS URL into the Identity Provider configuration. If SAML was previously configured in Infosec IQ you may need to update these URLs in your IdP.
   
   

   image.png1921×387 59.4 KB
   
   
   

   image.png1884×830 121 KB
5. Copy your IdP metadata URL or XML from the identity provider.
6. Click Actions > Edit.
7. Paste in the IdP metadata URL or XML into the bottom settings and click Save. Note this does not activate the configuration.
   
   

   image.png1914×529 100 KB
8. Click Actions > Test.
   
   

   image.png1914×544 99.1 KB
9. Activate the SSO configuration using the toggle and click save.
   
   

   image.png858×875 56.9 KB
10. (Optional) Allow IdP initiated SSO as needed using the toggle below the activation.
    
    

    image.png1911×543 99.2 KB

See the following knowledge base articles for more information on SAML setup with specific identity providers:

• SAML SSO with ADFS
• SAML SSO with Azure Active Directory
• SAML SSO with Google Workspace
• SAML SSO with Okta

OpenID Connect

OpenID Connect (OIDC) is an open authentication protocol that works on top of the OAuth 2.0 framework used for identity assertion.

1. Click create in the Single Sign-on box.
2. The configuration pane will open on the right. Choose OpenID Connect and click save in order to generate the needed URLs.
3. Copy the redirect URL from Infosec to paste into your identity provider.
   
   

   image.png1783×694 40.9 KB
4. Edit the configuration.
   
   

   image.png1777×774 50.3 KB
5. Enter the Provider URL, Client ID, and Client Secret from your identity provider and save.
   
   

   image.png837×861 21.9 KB
6. Click Actions > Test.
   
   

   image.png1769×784 50.3 KB
7. After a successful test, click Actions > Edit, activate the configuration and save.
   
   

   image.png1777×774 50.3 KB
   
   
   

   image.png837×874 29.5 KB

See the following knowledge base articles for more information on OIDC setup with specific identity providers:

• OpenID Connect SSO with Azure Active Directory
• OpenID Connect SSO with Google Workspace