Versions Compared

...

The

...

platform

...

Please adjust your SSO configurations to take into account this new domain to prevent any account lockout or interruptions.

Please contact the platform support team if you require any assistance here.

The platform now supports Okta and Azure AD single sign-on capabilities. This has been included to assist those clients that wish to centrally manage users access to platforms they operate in. The platform can now be added to that list.

...

  1. Client ID

  2. Client Secret

  3. Base URL

...

Setting up Azure AD SSO

...

SSO

...


  • Log into the Azure Portal and go to the “App Registrations” page.

  • Click on “+ New Registration” in the top left of the “App Registrations” page

  • Under “Name” give the new application a unique name

  • Under “Supported account types” select an account type (choose “Accounts in this organisational directory only”). 

  • Under “Redirect URI (optional)”, choose “Web” in the drop-down and enter the following URL:

    https://{tenant_name}.{tenant_region}.prismvulnerability-platform.com/login/azure/callback

  • Click “Register”

  • You’ll be redirected to the “Overview” page of the new application

  • Within the “Overview” page, under the “Essentials” section, there is an Application (client) ID. Copy it into the Client ID field under Azure in the platform’s Connected Account section.

...

  • Within the “Overview” page, under the “Essentials” section, click on “Redirect URIs”

  • The “Platform Configurations” section will appear

  • If not already populated from the earlier step, enter the following for the “Redirect URIs”:

    https://{tenant_name}.{tenant_region}.prismvulnerability-platform.com/login/azure/callback

  • Under the “Front-channel logout” section, enter the following URL for the “Front-channel logout URL”:

    https://{tenant_name}.{tenant_region}.prismvulnerability-platform.com/logout

  • Under “Implicit grant and hybrid flows”, select the checkbox for “ID tokens (used for implicit and hybrid flows)”

  • Click “Save” and then return to the “Overview” page

  • Select the “Certificates & secrets” page from the left-hand side bar

  • Within the “Certificates & secrets” page, under “Client secrets”:

    1. Choose “+ New client secret”

    2. Within the “Add a client secret” section provide a Description and set your Expires timeframe

    3. Click “Add”

  • Within the “Certificates & secrets” page, under “Client secrets”, a new entry for the client secret will appear.

  • Next to this new secret entry, copy the string of characters shown under Value into the Client Secret field under Azure in the platform’s Connected Account section.

...

  1. Go to the overview page 

  2. Find “Manage application in local directory” and click on your application name. This takes you to the application properties page.

  3. On the left hand bar, under Manage, click on Properties.  

  4. Scroll down to the property called “Assignment required?” and change it to “Yes”.

  5. Click Save 

  6. Click on Users and Groups on the side panel. Here we will assign the users we want to allow access to this SSO login.  

    1. Click “Add user/Group” and select the users we want to allow.  

    2. Select the users you want to allow and press “Select” at the bottom. 

    3. This should update the page with the users selected, click “Assign” at the bottom. 

    4. You should now see the list of users allowed to use the application. 

  7. Any user not assigned to this list will not be allowed access via the SSO login: the platform will redirect them to Azure, but they will hit an error page and have to return to the platform.

...

Setting up Okta SSO

...

From 1st March 2024 the base domain for the platform is changing. The new base domain to be used in all SSO configurations will be vulnerability-platform.com and not prism-platform.com.

...

SSO

...

After signing up to Okta, and downloading the Okta app, you will be redirected to the application page. There should be an “Admin” button in the top right, click on that.

  1. When in the admin panel, we will need to create a new application.

  2. In the side panel, click on “Applications”

  3. Click “create new web integration”

  4. Click on “OIDC - OpenID Connect”, then “Web Application”, then Next. This takes you to the application page.

  5. First we should give our app a name.

  6. For the Grant:

    1. Click on “Client Credentials”

    2. Click on “Implicit (Hybrid)”

  7. Under “Sign in redirect url” enter:

    https://{tenant_name}.{tenant_region}.prismvulnerability-platform.com/login/okta/callback

  8. Under “Sign out redirect url” enter:

    https://{tenant_name}.{tenant_region}.prismvulnerability-platform.com/login

  9. Under “Assignments” we can either allow all access to individuals in the Okta tenant, or add a group to allow specific individuals to access the platform.

  10. Click “Save” when finished.

  11. When Okta setup is finished, a few items need to be copied into the platform to set up the tenant for SSO.

  12. These are the “Client ID”, “Client Secret”, and the “Base URL”.

  13. The Client ID can be found at the top of the page on the General page of the application

  14. The Client Secret is on the same page, just underneath

  15. The Base URL is set when you sign up to Okta and can be found in the pop-out of the admin page at the top right: click your account name and the account details drop down. It will look like “*****.okta.com”. The platform uses it to call your specific Okta tenant for the user details when signing in. It must be prefixed with https://, e.g. https://mytenant.okta.com

  16. Go back to the platform and set up Okta under Connected Accounts using the above information. This sets up SSO for the tenant.
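The Azure AD and Okta procedures above both come down to the same relying-party settings: an exact callback URL on the new base domain, a logout URL, a client ID and secret, and (for Okta) an https base URL. The Python helpers below are an added example, not the platform’s own code, showing how a relying party would generate those values, flag configurations that still point at the retired base domain, build an authorization request with state and nonce, and check the claims of an ID token after its signature has been verified by a JWT library. The function names, the tenant values “acme”/“eu”, the 60-second clock skew and the “https://idp.example/authorize” endpoint are assumptions for illustration.

```python
"""Added example (not the platform's code): relying-party helpers for the SSO
settings described on this page. Assumes the callback/logout paths quoted above
and an ID token whose signature a JWT library has already verified."""
import secrets
import time
from urllib.parse import urlencode, urlparse

# Base domains quoted on the page: the first is being retired, the second is
# the one used in the page's callback URLs.
RETIRED_BASE_DOMAIN = "prism-platform.com"
CURRENT_BASE_DOMAIN = "prismvulnerability-platform.com"

# Callback and logout paths exactly as listed in the Azure AD and Okta steps.
PROVIDER_PATHS = {
    "azure": {"callback": "/login/azure/callback", "logout": "/logout"},
    "okta": {"callback": "/login/okta/callback", "logout": "/login"},
}


def platform_url(tenant_name, tenant_region, path, base_domain=CURRENT_BASE_DOMAIN):
    """Build the exact URL that must be registered with the identity provider."""
    return f"https://{tenant_name}.{tenant_region}.{base_domain}{path}"


def registered_uris(tenant_name, tenant_region, provider):
    """Callback and logout URLs to register for one provider and tenant."""
    paths = PROVIDER_PATHS[provider]
    return {name: platform_url(tenant_name, tenant_region, p) for name, p in paths.items()}


def uses_retired_domain(uri):
    """True if a configured URI still points at the old base domain (lockout risk after the change)."""
    host = urlparse(uri).hostname or ""
    return host == RETIRED_BASE_DOMAIN or host.endswith("." + RETIRED_BASE_DOMAIN)


def redirect_uri_matches(registered, presented):
    """Exact string comparison: the check a relying party should apply to redirect URIs.
    Prefix or substring matching would accept URIs that were never registered."""
    return registered == presented


def normalise_okta_base_url(value):
    """Apply the page's rule that the Okta base URL is prefixed with https://."""
    value = value.strip().rstrip("/")
    if value.startswith("http://"):
        raise ValueError("Okta base URL must use https")
    if not value.startswith("https://"):
        value = "https://" + value
    return value


def build_authorize_url(authorize_endpoint, client_id, redirect_uri, state=None, nonce=None):
    """Authorization request carrying state (binds the callback to this browser session)
    and nonce (binds the returned ID token to this request). Returns (url, state, nonce)."""
    state = state or secrets.token_urlsafe(32)
    nonce = nonce or secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    return f"{authorize_endpoint}?{urlencode(params)}", state, nonce


def validate_id_token_claims(claims, expected_issuer, client_id, expected_nonce, now=None, skew=60):
    """Claim checks to run after signature verification. Returns the names of the
    failing claims; an empty list means the token is acceptable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append("iss")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        problems.append("aud")
    if "exp" not in claims or now > claims["exp"] + skew:
        problems.append("exp")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce")
    return problems


if __name__ == "__main__":
    # Constructed sample tenant; the authorize endpoint is a placeholder.
    uris = registered_uris("acme", "eu", "okta")
    url, state, nonce = build_authorize_url("https://idp.example/authorize", "client-id", uris["callback"])
    print(uris)
    print(url)
```

Running the module prints the URLs a sample tenant would register for Okta and a complete authorization request; the same helpers serve the Azure AD section by passing `"azure"` to `registered_uris`.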

...