Users have the ability to configure one Identity Provider within a SAML integration.
Note: ThreatLocker does not support idP-initiated SAML. For more information about why, please see the 'idP-Initiated SAML' section further down in the article.
Note: In your SAML Identity Provider, you will need to use the Entity ID: https://threatlocker.com
How to Configure the SAML Integration
To begin, navigate to the ThreatLocker portal.
From the left-hand navigation menu, click ‘Integrations’ and under 'Add New Integrations', select the SAML icon.
The Update SAML Integration panel will slide in on the right side of your screen. Fill in the text fields in the 'SAML Details' and 'Settings' sections.
The following fields must be obtained from the SAML Identity Provider:
- Sign-On URL: The Identity Provider endpoint which SAML Request must post to. (idP sign on page)
- IssuerId: The globally unique name of your idP .
- Certificate: Identity Provider generated X509 Certificate.
- This is needed for ThreatLocker to verify that the SAML Assertion is coming from the trusted Identity Provider.
- The Certificate Signature Algorithm must be SHA-256.
Click the '+ Add SAML' button.
Navigate to the Login Settings found on the Administrators page and toggle on the Allow SSO.
When SAML is disabled, any user who had SAML enabled to sign in will need to reset their password, as they will not have a valid login for ThreatLocker.
Connecting SAML to ThreatLocker
Prior to signing in with SAML, you must reset the chosen administrator's ThreatLocker password.
Navigate to the Aministrators page and select the check box next to the administrator(s) you would like to connect to SAML. Once the desired administrators are selected, select the 'Password Reset' button.
Confirm that you would like to email a reset password link in the corresponding popup.
The selected administrators will receive an email from firstname.lastname@example.org with a reset password link.
The link will direct the user to confirm their new password. On this page, users should select the SAML button.
In the 'Confirm your new ThreatLocker Account' popup, insert the SAML email address and select 'Verify with SAML'.
Follow the prompts to login. Once successful, the administrator will see the prompt to input their MFA code.
Signing in with the SAML Integration
To sign in using the SAML integration, start by entering your email/username into the portal login page as usual.
If the integration is setup correctly, the SAML button will appear below the login fields.
Click the SAML button to sign in.
For security purposes, ThreatLocker does not support idP initiated SAML. With idP-initiated SAML, there is no SAML Request which means that we cannot truly verify if the assertion was stolen. A stolen assertion initiated from an idP will appear to be valid. It will be coming from the expected issuer and it will be signed with the expected key. This means that we cannot prevent assertion theft and injection.
For more information about the risks and dangers of using IdP-Initiated SAML, please see the following articles: