Using Identity Providers
- 08 Jan 2023
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
Using Identity Providers
- Updated on 08 Jan 2023
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
An Axonius Admin user can enable login based on a broad range of supported identity access management providers. These identity providers can handle authentication and authorization using existing credentials of your organization to a Single Sign On solution (SSO). All are disabled by default.
Once enabled and configured, a designated login button appears in the Axonius login page, for example:
Axonius supports the following identity provider formats:
To enable an identify provider and configure its credentials
- From the top right corner of any page, click
. The System Settings page opens.
- Click the Identity Providers Settings tab.
- Click the toggle for the identity provider you want to use.
- Configure the parameters for the identity provider.
Role Assignment Rules Logic
When a new/existing user logs in to Axonius with LDAP or SAML, the user's assigned role is determined based on the following logic:
# | New / Existing User | User’s Assigned Role | Evaluate role assignment on Value | Role Assignment Rules | New User’s Assigned Role |
---|---|---|---|---|---|
1 | New user | N/A (logs in for the first time) | Any value: - New users only - New and existing users |
Either one of the following: - No assignment rules configured - Assignment rules configured, but no matching rule found |
The value in the Default role for new LDAP user (if no matching assignment rule found) field or in the Default role for new SAML user (if no matching assignment rule found) field |
2 | New user | N/A (logs in for the first time) | Any value: - New users only - New and existing users |
Assignment rules configured and a matching rule found | Based on the first matching rule |
3 | Existing user | Role X | New users only or the Add Ignore role assignment rules checkbox, under the user settings is enabled | N/A – assignment rules will not be evaluated | Assigned role will remain as is (Role X) |
4 | Existing user | Role X | New and existing users | Either one of the following: - No assignment rules configured - Assignment rules configured, but no matching rule found |
Assigned role will remain as is (i.e., Role X) |
5 | Existing user | Role X | New and existing users | Assignment rules configured and a matching rule found | Based on the first matching rule |