SAML Integration

3 min. read | last update: 05.20.2024

Users have the ability to configure one Identity Provider within a SAML integration. 

Note: ThreatLocker does not support IdP-initiated SAML. For more information about why, please see the 'IdP-Initiated SAML' section further down in this article.
Note: In your SAML Identity Provider, you will need to use the Entity ID: https://threatlocker.com
Note: In your SAML Identity Provider, you will need the Assertion (ACS URL) provided in the Assertion section of the SAML integration sidebar.

How to Configure the SAML Integration

To begin, navigate to the ThreatLocker portal.

From the left-hand navigation menu, click 'Integrations' and, under 'Add New Integrations', select the SAML icon.

The Update SAML Integration panel will slide in on the right side of your screen.

1. Fill in the desired Description for the SAML integration.
2. The Issuer is https://threatlocker.com, and may be requested by the SAML Identity Provider.
3. The Assertion is the Assertion URL (ACS URL) that may be requested by the SAML Identity Provider.

The following fields must be obtained from the SAML Identity Provider:

4. Sign-On URL: The Identity Provider endpoint that the SAML Request must be posted to (the IdP sign-on page).
5. IssuerId: The globally unique name of your IdP.
6. Certificate: The X.509 certificate generated by the Identity Provider.
    • This is needed for ThreatLocker to verify that the SAML Assertion is coming from the trusted Identity Provider.
    • The certificate signature algorithm must be SHA-256.

Click the '+ Add SAML' button.

Enabling SSO

Navigate to the Login Settings found on the Administrators page and toggle on 'Allow SSO'.

If SAML is later disabled, any user who was signing in with SAML will need to reset their password, as they will no longer have a valid ThreatLocker login.

Connecting SAML to ThreatLocker

Prior to signing in with SAML, you must reset the chosen administrator's ThreatLocker password.

Navigate to the Administrators page and select the checkbox next to the administrator(s) you would like to connect to SAML. Once the desired administrators are selected, click the 'Password Reset' button.

Confirm that you would like to email a reset password link in the corresponding popup.

The selected administrators will receive an email from noreply@threatlocker.com with a reset password link. 

The link will direct the user to confirm their new password. On this page, users should select the SAML button.

In the 'Confirm your new ThreatLocker Account' popup, insert the SAML email address and select 'Verify with SAML'.

Follow the prompts to log in. Once successful, the administrator will be prompted to enter their MFA code.

Signing in with the SAML Integration

To sign in using the SAML integration, start by entering your email/username into the portal login page as usual.

If the integration is set up correctly, the SAML button will appear below the login fields.

Click the SAML button to sign in.

IdP-Initiated SAML

For security purposes, ThreatLocker does not support IdP-initiated SAML. With IdP-initiated SAML there is no SAML Request, so the service provider has no request of its own to match the assertion against and cannot truly verify whether the assertion was stolen. A stolen assertion from an IdP-initiated flow will appear to be valid: it comes from the expected issuer and it is signed with the expected key. This means that we cannot prevent assertion theft and injection.
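To make that reasoning concrete, the following is an added example (not ThreatLocker's code) of the checks a service provider can run on an incoming SAML Response. In the SP-initiated flow the SP remembers the ID of each AuthnRequest it sent; the Response and its SubjectConfirmationData must carry that ID in InResponseTo, and the ID is consumed on first use. An IdP-initiated Response has no InResponseTo, so the SP has nothing to bind it to and must treat it as unsolicited. The Entity ID is the one given in this article; the ACS URL and IdP IssuerId are placeholder values, the sample Response is constructed and unsigned, and XML signature verification is assumed to have been performed earlier by a SAML library.

```python
"""Service-provider-side SAML Response checks (added example, not ThreatLocker code).

Shows why an SP-initiated flow gives the SP something to verify: the Response
and its SubjectConfirmationData must carry the ID of an AuthnRequest the SP
actually issued. An IdP-initiated Response has no InResponseTo, so a replayed
or injected assertion is indistinguishable from a legitimate one. XML signature
verification is assumed to have been done by a SAML library before this point.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Entity ID from the article; ACS URL and IdP IssuerId are placeholders.
SP_ENTITY_ID = "https://threatlocker.com"
ACS_URL = "https://sp.example.invalid/saml/acs"
IDP_ISSUER = "https://idp.example.invalid/metadata"


def check_response(xml_text, pending_requests, now=None):
    """Validate a samlp:Response. Returns (ok, detail).

    pending_requests maps AuthnRequest IDs the SP issued (and has not yet
    consumed) to their issue time; a matched ID is removed so it cannot be replayed.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, "not a samlp:Response"
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return False, "status is not Success"
    if root.get("Destination") != ACS_URL:
        return False, "Destination does not match our ACS URL"
    if root.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ISSUER:
        return False, "unexpected Issuer"
    # The core SP-initiated check: reject anything we did not ask for.
    irt = root.get("InResponseTo")
    if not irt:
        return False, "unsolicited (IdP-initiated) Response: no InResponseTo"
    if irt not in pending_requests:
        return False, "InResponseTo matches no pending AuthnRequest"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "Response carries no Assertion"
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", default="", namespaces=NS)
    if audience != SP_ENTITY_ID:
        return False, "Audience does not match our Entity ID"
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != irt or scd.get("Recipient") != ACS_URL:
        return False, "SubjectConfirmationData does not bind the assertion to our request"
    expiry = scd.get("NotOnOrAfter", "")
    if not expiry or datetime.fromisoformat(expiry.replace("Z", "+00:00")) <= now:
        return False, "assertion expired or has no NotOnOrAfter"
    del pending_requests[irt]  # one-time use: a replay fails the lookup above
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    return True, name_id


def build_response(in_response_to, not_after="2099-01-01T00:00:00Z"):
    """Constructed, unsigned sample Response; in_response_to=None mimics IdP-initiated."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" Destination="{ACS_URL}"{irt}>
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>admin@example.invalid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}"{irt} NotOnOrAfter="{not_after}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    pending = {"_req42": datetime.now(timezone.utc)}
    print("SP-initiated: ", check_response(build_response("_req42"), pending))
    print("replayed:     ", check_response(build_response("_req42"), pending))
    print("IdP-initiated:", check_response(build_response(None), pending))
```

Running the block accepts the first Response, rejects the identical Response a second time because its request ID has been consumed, and rejects the IdP-initiated Response outright. The order of checks matters in practice: signature verification belongs before any of these, otherwise an attacker who can forge the XML can also forge a matching InResponseTo.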

For more information about the risks and dangers of using IdP-Initiated SAML, please see the following articles:

https://www.identityserver.com/articles/the-dangers-of-saml-idp-initiated-sso

https://auth0.com/docs/authenticate/protocols/saml/saml-sso-integrations/identity-provider-initiated-single-sign-on