How To Configure SSO in Threat Stack

Introduction

Single Sign-On (SSO) integrates a session token with a user authentication service. SSO allows users to access multiple authorized applications without re-authenticating when switching between applications.

The Threat Stack Cloud Security Platform® exclusively integrates with Security Assertion Markup Language (SAML) 2.0 SSO identity provider (IdP) services. Additionally, Threat Stack only supports service provider (SP)-initiated generic SAML 2.0 integrations.

Tip

Not sure if your SSO is SP-initiated? If you visit a web application and are redirected to your IdP to sign in, then your SSO is SP-initiated.

Supported IdPs for SSO

Threat Stack supports the following SAML 2.0 IdPs:

  • Google
  • JumpCloud
  • Okta
  • OneLogin

Note

If your SSO uses a SAML 2.0 IdP, but is not on the supported list, then Threat Stack has not tested an integration with your IdP.

Configure SSO Integration with Threat Stack

Prerequisites

  • Administrator access to your IdP
  • Owner access to the Threat Stack console

Configure Google SSO Integration

Tip

Use side-by-side browser windows – one for your Google Admin console and one for Threat Stack – to complete these instructions.

  1. Log into your Google Admin console. The Home page displays.
  2. Log into Threat Stack. The Dashboard page displays.
  3. Begin the Google integration with Threat Stack.
    1. On the Home page, go to More controls > Apps > SAML Apps.
    2. Click the (+) icon.
    3. Click Set up my own custom app. The Google IdP Information window opens and the Single Sign-On URL field and Entity ID URL field automatically populate.
  4. Begin the Threat Stack integration with Google.
    1. On the Dashboard page, in the left navigation pane, click Settings. The Settings page displays.
    2. Click the Authentication tab. The Authentication page displays.
    3. In the Single Sign-On section, from the Identity Provider drop-down menu, select Google.
  5. Copy values from Google Admin into Threat Stack.
    1. In the Google Admin console, copy the value in the Entity ID field.
    2. In Threat Stack, in the Identity Provider SAML 2.0 URL field, paste the value copied in step 5a.
    3. In the Google Admin console, copy the value in the Single Sign-On URL field.
    4. In Threat Stack, in the Identity Provider Issuer URL field, paste the value copied in step 5c.
  6. Upload the Google certificate to Threat Stack.
    1. In the Google Admin console, download the X.509 Certificate.
    2. In Threat Stack, click in the Upload your Public Certificate file field. Follow the prompts to upload the X.509 Certificate you downloaded in step 6a.
  7. Continue the Google integration with Threat Stack.
    1. Click the Next button. The Basic Application Information window opens.
    2. In the Name field, type “Threat Stack.”
    3. In the Description field, type a description of the Threat Stack integration.
    4. Click the Next button. The Service Provider Details window opens.
  8. Copy values from Threat Stack into Google Admin.
    1. In Threat Stack, copy the value in the SSO Assertion Consumer Service URL (ACS URL) field.
    2. In Google Admin, in the ACS URL field, paste the value copied in step 8a.
    3. In Google Admin, in the Start URL field, paste the value copied in step 8a.
    4. In Threat Stack, copy the value in the Audience URI / SP Entity ID field.
    5. In Google Admin, in the Entity ID field, paste the value copied in step 8d.
  9. Map values from Google to Threat Stack.
    1. In Google Admin, do not check the Signed Response check box.
    2. Click the Next button. The Mapping window opens.
    3. From the Attributes drop-down menu, select Category. Type the email address of an authorized Threat Stack user. Ensure the email address matches the email address used in Google.
    4. From the Attributes drop-down menu, select User. Type the email address of an authorized Threat Stack user. Ensure the email address matches the email address used in Google.
  10. In the Google Admin console, click the Finish button. Google is now integrated with Threat Stack for SSO.
  11. In Threat Stack, click the Continue button. Threat Stack is now integrated with Google for SSO.

Configure JumpCloud SSO Integration

Tip

Use side-by-side browser windows – one for your JumpCloud Admin Console interface and one for Threat Stack – to complete these instructions.

  1. Log into the JumpCloud Admin console. The Home page displays.
  2. Log into Threat Stack. The Dashboard page displays.
  3. Begin the JumpCloud integration with Threat Stack.
    1. Select Applications. The Applications screen displays.
    2. Click the (+) button. The Configure New Application window opens.
    3. In the Search field, type “SAML”.
    4. In the SAML search result, click the configure button.
      The Configuration Settings screen displays.
  4. Generate an IdP Private Key and SHA256 Certificate.
    1. In Linux, open the Terminal.
    2. Go to the /tmp directory.
    3. Type the following commands and press ENTER:
      openssl genrsa -out private.pem 2048
      openssl req -new -x509 -sha256 -key private.pem -out cert.pem -days 1095
    4. In the JumpCloud Admin console, click the Upload IdP Private Key button. The Open dialog displays.
    5. Go to the /tmp directory.
    6. Select the IdP certificate you generated in step 4c.
    7. Click the Open button. The Open dialog closes. You return to the JumpCloud Admin console.
    8. Click the Upload IdP Certificate button. The Open dialog displays.
    9. Go to the /tmp directory.
    10. Select the IdP certificate you generated in step 4c.
    11. Click the Open button. The Open dialog closes.
  5. Ensure the following values are present in the JumpCloud Admin console.
    1. In the SAMLSUBJECT NAMEID field, ensure the value is “email”.
    2. In the SAMLSUBJECT NAMEID FORMAT field, ensure the value is “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”.
    3. Ensure the SIGNATURE ALGORITHM drop-down menu value is “RSA-SHA256”.
    4. In the IDP-INITIATED URL field, ensure the value is “https://app.threatstack.com”.
  6. Begin the Threat Stack integration with JumpCloud.
    1. On the Dashboard page, in the left navigation pane, click Settings. The Settings screen displays.
    2. Click the Authentication tab. The Authentication screen displays.
    3. In the Single Sign-On section, from the Identity Provider drop-down menu, select JumpCloud.
  7. Copy values from Threat Stack into the JumpCloud Admin console.
    1. In Threat Stack, copy the value in the SSO Assertion Consumer Service URL (ACS URL) field.
    2. In JumpCloud, in the ACS URL field, paste the value copied in step 7a.
    3. In Threat Stack, copy the value in the Audience URI / SP Entity ID field.
    4. In JumpCloud, in the SP ENTITY ID field, paste the value copied in step 7c.
  8. Copy values from the JumpCloud Admin console into Threat Stack.
    1. In the JumpCloud Admin console, copy the value in the IDP ENTITY ID field.
    2. In Threat Stack, in the Identity Provider Issuer URL field, paste the value copied in step 8a.
    3. In the JumpCloud Admin console, copy the value in the IDP URL field.
    4. In Threat Stack, in the Identity Provider SAML 2.0 URL field, paste the value copied in step 8c.
  9. In the JumpCloud Admin console, click the activate button.
    You return to the Applications screen. The Threat Stack SSO SAML integration displays.
  10. Clear browser cookies in Google Chrome.
    1. Go to the Threat Stack login page.
    2. Right-click on the page. A quick link menu displays.
    3. Click Inspect. The Inspect tool displays.
    4. Select the Application tab.
    5. Expand the Cookies options.
    6. Right-click the Threat Stack URL and select Clear.
    7. Close the browser.
    8. Open the browser and log into the Threat Stack console as an administrator. The JumpCloud SSO is used to sign into Threat Stack.
  11. Remove the IdP Private Key and Certificate from your computer.
    1. Go to the /tmp directory.
    2. Right-click the IdP Certificate and select Move to Trash.
    3. Right-click the IdP Private Key and select Move to Trash.
    4. Empty your Trash.

Configure Okta SSO Integration

Tip

Use side-by-side browser windows – one for your Okta organization and one for Threat Stack – to complete these instructions.

  1. Log into your Okta organization with administrator credentials. The Home page displays.
  2. Log into Threat Stack. The Dashboard page displays.
  3. Begin the Okta integration with Threat Stack.
    1. In your Okta organization, select your administrator username and then select the Admin button.
      The Developer Console screen displays.
    2. In the upper left corner of the screen, select the Developer Console drop-down menu and then select Classic UI. The Dashboard screen displays.
    3. Click the Applications tab. The Applications screen displays.
    4. Click the Add Application button. The Add Application screen displays.
    5. Click the Create New App button. The Create a New Application Integration screen displays.
    6. In the Sign on method section, select the SAML 2.0 radio button.
    7. Click the Create button. The 1 General Settings screen displays.
    8. In the App name field, type “Threat Stack”.
    9. Click the Next button. The 2 SAML Settings screen displays.
    10. In the General section, in the Single sign on URL field, type “https://app.threatstack.com/sso/saml/callback”.
    11. Ensure the Use this for Recipient URL and Destination URL checkbox is selected.
    12. In the Audience URI (SP Entity ID) field, type “https://app.threatstack.com”.
    13. From the Name ID format drop-down menu, ensure EmailAddress is selected.
    14. From the Application username drop-down menu, ensure Email is selected.
    15. Click the Next button.
      The 3 Help Okta Support understand how you configured the application screen displays.
    16. Select the I’m an Okta customer adding an internal app radio button. Additional fields display.
    17. Select the This is an internal app that we have created checkbox.
    18. Click the Finish button. The Threat Stack integration screen displays.

      Warning

      Do not close this page. You need to access the Identity Provider metadata link later in this process.

  4. Begin the Threat Stack integration with Okta.
    1. On the Dashboard page, in the left navigation pane, click Settings. The Settings screen displays.
    2. Click the Authentication tab. The Authentication screen displays.
    3. In the Single Sign-On section, from the Identity Provider drop-down menu, select Okta.
  5. Copy values from the Okta organization into Threat Stack.
    1. In Okta, on the Threat Stack integration screen, right-click the Identity Provider metadata link and select Open Link in New Tab.
      A table with the XML for the integration displays.
    2. In the XML, copy the value of the Location attribute of the SingleSignOnService element:
      <md:SingleSignOnService Binding="XXXX" Location="XXXX"/>
    3. In Threat Stack, in the Identity Provider SAML 2.0 URL field, paste the value copied in step 5b.
    4. In the XML, copy the value of the entityID attribute of the EntityDescriptor element:
      <md:EntityDescriptor xmlns:md="XXXX" entityID="XXXX">
    5. In Threat Stack, in the Identity Provider Issuer URL field, paste the value copied in step 5d.
    6. In the XML, copy the value between the <ds:X509Certificate> and </ds:X509Certificate> tags.
    7. In Threat Stack, paste the value in the X.509 Certificate field.
    8. Click the Download certificate button.
  6. Assign people in the Okta organization to Threat Stack.
    1. In Okta, on the Threat Stack integration screen, right-click the Assignments tab and click Open Link in New Tab. The Assignments screen displays.
    2. Click the Assign drop-down menu.
    3. Select Assign to People. The Assign Threat Stack to People dialog displays.
    4. Click the Assign button next to a name to add. The User Name screen displays.
    5. Click the Save and Go Back button. You return to the list of names.
    6. Repeat steps 6d – 6e for each name to add.
    7. Click the Done button. You return to the Threat Stack integrations screen. Each selected user displays on the page.
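
Steps 5b through 5g of the Okta procedure copy three values out of the IdP metadata XML by hand. The following Python script is an added example, not Threat Stack or Okta code: it extracts the same three values and computes a SHA-256 fingerprint of the certificate bytes. The function name, the sample metadata, its example.com URLs and the placeholder certificate body are all constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: example.com URLs and a placeholder certificate body
# (base64 of dummy bytes, not a real X.509 certificate).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-der-bytes" * 4).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idp.example.com/constructed-entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/constructed/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_metadata_fields(metadata_xml):
    """Extract the values steps 5b-5g copy by hand, keyed by Threat Stack field."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    # Assumption: the first SingleSignOnService entry is used; the page does
    # not say which Binding to pick when the metadata lists several.
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    if not entity_id or sso is None or cert is None:
        raise ValueError("missing entityID, SingleSignOnService or X509Certificate")
    sso_url = sso.get("Location", "")
    if urlparse(sso_url).scheme != "https":
        raise ValueError(f"SSO URL is not https: {sso_url!r}")
    # Metadata may wrap the base64 across lines; drop whitespace, then decode strictly.
    der = base64.b64decode("".join((cert.text or "").split()), validate=True)
    if not der:
        raise ValueError("X509Certificate element is empty")
    b64 = base64.b64encode(der).decode()
    pem = "\n".join(["-----BEGIN CERTIFICATE-----",
                     *(b64[i:i + 64] for i in range(0, len(b64), 64)),
                     "-----END CERTIFICATE-----"])
    return {"Identity Provider SAML 2.0 URL": sso_url,
            "Identity Provider Issuer URL": entity_id,
            "X.509 Certificate": pem,
            "cert_sha256": hashlib.sha256(der).hexdigest()}
```

Comparing `cert_sha256` with a fingerprint obtained from the IdP through a separate channel confirms that the certificate pasted into Threat Stack is the one the IdP signs with.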


Configure OneLogin SSO Integration

Tip

Use side-by-side browser windows – one for your OneLogin console interface and one for Threat Stack – to complete these instructions.

  1. Log into the OneLogin console with administrator credentials. The Home page displays.
  2. Log into Threat Stack. The Dashboard page displays.
  3. Begin the OneLogin integration with Threat Stack.
    1. On the Home page, select Administration. A new tab opens and the Administration page displays.
    2. Hover the cursor over the Apps tab and select Add Apps. The Find Applications screen displays.
    3. In the search… field, type “Threat Stack” and press ENTER.
    4. From the search results, click Threat Stack SAML2.0.
      The Add Threat Stack screen displays.
    5. Click the Save button. A confirmation message displays.
  4. Begin the Threat Stack integration with OneLogin.
    1. On the Dashboard page, in the left navigation pane, click Settings. The Settings screen displays.
    2. Click the Authentication tab. The Authentication screen displays.
    3. In the Single Sign-On section, from the Identity Provider drop-down menu, select OneLogin.
  5. Copy information from OneLogin into Threat Stack.
    1. In the OneLogin console, click the SSO tab. The SSO screen displays.
    2. In the OneLogin console, copy the value in the Issuer URL field.
    3. In Threat Stack, in the Identity Provider Issuer URL field, paste the value copied in step 5b.
    4. In the OneLogin console, copy the value in the SAML 2.0 Endpoint field.
    5. In Threat Stack, in the Identity Provider SAML 2.0 URL field, paste the value copied in step 5d.
    6. In the OneLogin console, click the View Details link. The Standard Strength Certificate (2048-bit) screen displays.
    7. Click the Download button. The certificate downloads to your local machine.
  6. Assign people in OneLogin to Threat Stack.
    1. In the OneLogin console, click the Users tab. The All Users screen displays.
    2. In the Search field, type the name of a user to add.
    3. Click the user’s name. Their user screen displays.
    4. On their user page, click the Applications tab. The Applications screen displays.
    5. In the Applications section, click the + button. The Assign New Login to [User] dialog displays.
    6. From the Select Application drop-down menu, select Threat Stack.
    7. Click the Continue button. The Edit Threat Stack Login For [User] dialog displays.
    8. Click the Save button. You return to the Applications screen. The Threat Stack integration displays.