Using Identity Providers
- 29 Aug 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Using Identity Providers
- Updated on 29 Aug 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
An Axonius Admin user can enable login based on a broad range of supported identity access management providers. These identity providers can handle authentication and authorization using existing credentials of your organization to a Single Sign On solution (SSO). All are disabled by default.
Once enabled and configured, a designated login button appears in the Axonius login page, for example:
Axonius supports the following identity provider formats:
To enable an identity provider and configure its credentials:
- From the top right corner of any page, click . The System Settings page opens.
- In the Categories/Subcategories pane of the System Settings page, expand Access Management, and select LDAP & SAML.
- Turn on the toggle for the identity provider you want to use: Allow LDAP logins, Allow SAML-based logins.
- Configure the parameters for the identity provider.
Role Assignment Rules Logic
When a new/existing user logs in to Axonius with LDAP or SAML, the user's assigned role is determined based on the following logic:
# | New / Existing User | User’s Assigned Role | Evaluate role assignment on Value | Role Assignment Rules | New User’s Assigned Role |
---|---|---|---|---|---|
1 | New user | N/A (logs in for the first time) | Any value: - New users only - New and existing users | Either one of the following: - No assignment rules configured - Assignment rules configured, but no matching rule found | The value in the Default role for new LDAP user (if no matching assignment rule found) field or in the Default role for new SAML user (if no matching assignment rule found) field |
2 | New user | N/A (logs in for the first time) | Any value: - New users only - New and existing users | Assignment rules configured and a matching rule found | Based on the first matching rule |
3 | Existing user | Role X | New users only or the Add Ignore role assignment rules checkbox, under the user settings is enabled | N/A – assignment rules will not be evaluated | Assigned role will remain as is (Role X) |
4 | Existing user | Role X | New and existing users | Either one of the following: - No assignment rules configured - Assignment rules configured, but no matching rule found | Assigned role will remain as is (i.e., Role X) |
5 | Existing user | Role X | New and existing users | Assignment rules configured and a matching rule found | Based on the first matching rule |
Was this article helpful?