Table of Contents
- Building a SAML Application for Infosec IQ
- Setting up SAML-based Single Sign-on
- User Assignment
- Testing and Enabling in Infosec IQ
Important: Before creating the SAML application in Azure, you will need to obtain Infosec IQ’s Entity ID and ACS URLs. To do so:
- Login to Infosec IQ
- Navigate to the settings gear in the top right corner and select Learner Authentication (SSO)
- In the Single sign-on section, select setup
- Do not adjust any of the settings and click save in the bottom right-hand corner. This will expose the SP Metadata, Entity ID, and ACS URLs for your organization. You will need these URLs to perform the below configuration steps
Building a SAML Application for Infosec IQ
- Log into your Azure Active Directory admin center
- Navigate to Enterprise Applications under the Applications drop down menu.
- Select New Application
- Select Create your own application
- Provide a name for your SAML app, leave Integrate any other application you don't find in the gallery selected, and then click Create
- Navigate to the Manage section on the left and select Single sign-on
- Select SAML as the single sign-on method
Setting up SAML-based Single Sign-on
- Edit the Basic SAML Configuration section by pasting in the values copied from Infosec IQ. Make sure to click Save before proceeding to the next step:
- Identifier (Entity ID): paste the Entity ID URL from Infosec IQ
- Reply URL (Assertion Consumer Service URL): paste the ACS URL from Infosec IQ
- Edit the User Attributes & Claims section:
- Set the required claim (the Name ID) to user.mail and click Save
- Remove the additional claims
- Add a new claim named emailaddress with the source attribute set to user.mail, then click Save.
- Once completed, close the User Attributes & Claims window. The section should now show the required claim mapped to user.mail and a single additional claim, emailaddress, also mapped to user.mail.
- Edit the SAML Signing Certificate section:
- Set the Signing Option to Sign SAML response and assertion
- Click Save
- Once updated, close the SAML Signing Certificate window
Note: If you test this SAML application from within Azure, you will be redirected to an Infosec IQ page reading An Internal Error Has Occurred rather than to the Azure sign-in page. To test whether the SAML app is configured correctly, follow the Testing and Enabling in Infosec IQ section of this article.
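A way to check the result of the three configuration edits above without waiting on the Infosec IQ test, as an added example that is not part of this article or of either vendor's tooling: capture the SAMLResponse form field that Azure AD posts to the ACS URL (a browser SAML tracer extension or the browser's network tab shows it) and run it through the checks below. The Entity ID, ACS URL, tenant ID and email address in the code are placeholders, the sample response is constructed to match the configuration above rather than captured from a real tenant, and the accepted names for the emailaddress claim are an assumption about how Azure AD names a claim that is added as emailaddress. The script checks structure only (which elements are signed, where the response is addressed, what the claims contain); signature validity is verified by Infosec IQ, not here.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace prefixes used in SAML 2.0 responses (only those the checks below need).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumption: Azure AD emits the claim added above either under its default claim namespace
# or, when the claim is created with the bare name "emailaddress", under that bare name.
EMAIL_CLAIM_NAMES = {
    "emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}

# Placeholders standing in for the Entity ID and ACS URL copied from Infosec IQ.
SP_ENTITY_ID = "https://sp.example.invalid/saml/metadata"
SP_ACS_URL = "https://sp.example.invalid/saml/acs"
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder Azure AD tenant ID

# Constructed sample (not a real capture): the shape Azure AD posts to the ACS URL when the
# Basic SAML Configuration, claims and signing option are set as described above.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="{SP_ACS_URL}">
  <saml:Issuer>https://sts.windows.net/{TENANT}/</saml:Issuer>
  <ds:Signature><ds:SignatureValue>constructed-response-sig</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/{TENANT}/</saml:Issuer>
    <ds:Signature><ds:SignatureValue>constructed-assertion-sig</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" NotOnOrAfter="2024-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="emailaddress"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

# The same response with only the assertion signed, which is what an assertion-only
# Signing Option produces; the checker must flag it.
SAMPLE_ASSERTION_ONLY_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.replace(
    "<ds:Signature><ds:SignatureValue>constructed-response-sig</ds:SignatureValue></ds:Signature>", ""
).encode()).decode()


def check_saml_response(saml_response_b64, expected_entity_id, expected_acs_url):
    """Decode the SAMLResponse form field and check its structure against the configuration above.
    Returns a dict whose 'problems' list is empty when every check passes. Signature validity is
    not verified here; the SP (Infosec IQ) does that."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("StatusCode is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plain Assertion element (encrypted assertions are not handled here)")
        return {"name_id": None, "email_claim": None, "problems": problems}
    # Signing Option "Sign SAML response and assertion": both elements carry a ds:Signature.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    # Reply URL: Destination and the bearer Recipient must both equal the ACS URL.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = None if scd is None else scd.get("Recipient")
    for label, value in (("Destination", root.get("Destination")), ("Recipient", recipient)):
        if value != expected_acs_url:
            problems.append(f"{label} {value!r} does not match ACS URL {expected_acs_url!r}")
    # Identifier (Entity ID): must appear as the Audience of the assertion.
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected_entity_id:
        problems.append(f"Audience {audience!r} does not match Entity ID {expected_entity_id!r}")
    # Required claim (Name ID) = user.mail, and the emailaddress claim = user.mail as well.
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    email_claim = None
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") in EMAIL_CLAIM_NAMES:
            email_claim = attr.findtext("saml:AttributeValue", namespaces=NS)
    if not name_id or "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address; set the required claim to user.mail")
    if email_claim is None:
        problems.append("emailaddress claim is missing")
    elif email_claim != name_id:
        problems.append(f"emailaddress claim {email_claim!r} differs from NameID {name_id!r}")
    return {"name_id": name_id, "email_claim": email_claim, "problems": problems}
```

Run `check_saml_response(<captured SAMLResponse>, <your Entity ID>, <your ACS URL>)` and read the problems list: an empty list means the response is addressed to the right ACS URL, restricted to the right Entity ID, signed at both levels, and identifies the learner by email in both the Name ID and the emailaddress claim. "Response is not signed" means the Signing Option was left at assertion-only signing.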
User Assignment
User Assignment is not required if you are planning to initiate training using the Infosec IQ campaign notifications. Note that with Assignment required set to No, any user in your Azure AD tenant can sign in to the application, not just the users you intend to train. To disable User Assignment:
- Navigate to the SAML application's Properties
- Toggle Assignment required to No
- Click Save
If you would like to provide your learners with a universal training link, you will need to keep Assignment required enabled and follow the steps below:
- Confirm that Assignment required is toggled to Yes by navigating to Properties under Manage on the left-hand side.
- Next select Users and Groups under Manage
- Click Add Users/Groups
- Click None Selected to choose the group or users you want to have this enabled for. We recommend using or creating a group, as this is easier than manually selecting all your active users in Azure. If you do not have a group created, follow the steps below:
- Navigate to Azure Active Directory from the left-hand menu
- Select Groups
- Click New Group
- Fill in the sections and add users to that group
- Once completed, navigate back to the Infosec IQ SAML application and select your group
- Once you have assigned the correct group of users to the SAML application, navigate back to the SAML application’s Properties
- In Properties, locate the User access URL. This URL is the unique training URL that you can share with your employees.
Note: Before sharing the above URL, you will need to configure your Infosec IQ account to support IdP-initiated SSO. Review the steps in Testing and Enabling in Infosec IQ to learn how to configure your account.
Testing and Enabling in Infosec IQ
- Stay in your Azure AD Admin Center
- Navigate to the SAML application you created under Enterprise Applications
- Click on Single sign-on on the left-hand side
- Copy the App Federation Metadata URL that is in section three
- Navigate to Infosec IQ and hover over the settings gear in the top-right corner. Select User Settings
- Select Organizations and in the Single sign-on section, select Actions then Edit or Setup.
- Paste the App Federation Metadata URL into the IdP Metadata URL box
- Turn the Activate this Config toggle to enabled.
- (Optional) If you are planning on using a universal training link, make sure the IdP-initiated SSO toggle under settings is enabled.
- Click Save
- Once saved, you can perform a test by expanding the Actions dropdown menu and clicking test. Follow the prompts on the screen to complete the test. If your test isn’t successful, please contact support for further assistance.
- After the test is successful, the SSO configuration will be active for all users.
Note: When building an AwareEd campaign, there will be an option to enable authentication for that campaign in the “Advanced Settings” section on the top right of the campaign setup page.
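A check on what you paste into the IdP Metadata URL box, as an added example that is not part of this article or of either vendor's tooling: it parses federation metadata and confirms it is IdP metadata (an IDPSSODescriptor with a sign-on endpoint and a signing certificate) rather than the SP metadata Infosec IQ exposes, which is easy to mix up when both are open in different tabs. The two metadata documents in the code are constructed samples with a placeholder tenant ID and a placeholder certificate body, not downloads from either product; `fetch_and_summarize` takes the App Federation Metadata URL copied from Azure.

```python
import base64
import hashlib
import urllib.request
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder Azure AD tenant ID

# Constructed sample (not a real download): the shape of Azure AD's App Federation Metadata,
# with a placeholder certificate body that is not a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SAMPLE_IDP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS['md']}" xmlns:ds="{MD_NS['ds']}"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{HTTP_REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{HTTP_POST}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed SP metadata of the kind Infosec IQ exposes: the wrong document for the IdP box.
SAMPLE_SP_METADATA = f"""<EntityDescriptor xmlns="{MD_NS['md']}" entityID="https://sp.example.invalid/saml/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="{HTTP_POST}" Location="https://sp.example.invalid/saml/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def cert_thumbprint_sha1(cert_b64):
    """SHA-1 thumbprint of a base64 DER certificate, in the form the Azure portal displays it.
    This identifies the certificate; it is not a security check on the certificate itself."""
    return hashlib.sha1(base64.b64decode(cert_b64)).hexdigest().upper()


def summarize_idp_metadata(xml_text):
    """Parse federation metadata and return the IdP entity ID, sign-on endpoints and signing
    certificate thumbprints. Raises ValueError if the document is not IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        kind = "SP metadata" if root.find("md:SPSSODescriptor", MD_NS) is not None else "unknown metadata"
        raise ValueError(f"no IDPSSODescriptor: this is {kind}, not the IdP's federation metadata")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", MD_NS)}
    thumbprints = []
    for kd in idp.findall("md:KeyDescriptor", MD_NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute means the key serves both purposes
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", MD_NS):
                thumbprints.append(cert_thumbprint_sha1(cert.text.strip()))
    problems = []
    if HTTP_REDIRECT not in sso and HTTP_POST not in sso:
        problems.append("no SingleSignOnService endpoint")
    if not thumbprints:
        problems.append("no signing certificate: signed responses could not be verified")
    return {"entity_id": root.get("entityID"), "sso": sso,
            "signing_cert_thumbprints": thumbprints, "problems": problems}


def fetch_and_summarize(metadata_url):
    """Download the App Federation Metadata URL copied from Azure and summarize it."""
    with urllib.request.urlopen(metadata_url, timeout=10) as resp:
        return summarize_idp_metadata(resp.read())
```

If `fetch_and_summarize` raises the SP metadata error, the URL you copied is Infosec IQ's own metadata rather than Azure's App Federation Metadata URL. Compare the returned thumbprint with the one shown in the SAML Signing Certificate section of the Azure app; a mismatch means the metadata URL belongs to a different application or tenant, which is the usual cause of a failed test in Infosec IQ.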