Using Identity Providers
  • 29 Aug 2024

An Axonius Admin user can enable login through a broad range of supported identity and access management providers. These identity providers handle authentication and authorization using your organization's existing credentials through a Single Sign-On (SSO) solution. All are disabled by default.

Once enabled and configured, a designated login button appears on the Axonius login page.

Axonius supports the following identity provider formats:

To enable an identity provider and configure its credentials:

  1. From the top right corner of any page, click the System Settings icon. The System Settings page opens.
  2. In the Categories/Subcategories pane of the System Settings page, expand Access Management, and select LDAP & SAML.
  3. Turn on the toggle for the identity provider you want to use: Allow LDAP logins, Allow SAML-based logins.
  4. Configure the parameters for the identity provider.

Role Assignment Rules Logic

When a new/existing user logs in to Axonius with LDAP or SAML, the user's assigned role is determined based on the following logic:

| # | New / Existing User | User's Assigned Role | Evaluate role assignment on Value | Role Assignment Rules | New User's Assigned Role |
|---|---|---|---|---|---|
| 1 | New user | N/A (logs in for the first time) | Any value: New users only; New and existing users | Either one of the following: No assignment rules configured; Assignment rules configured, but no matching rule found | The value in the Default role for new LDAP user (if no matching assignment rule found) field or in the Default role for new SAML user (if no matching assignment rule found) field |
| 2 | New user | N/A (logs in for the first time) | Any value: New users only; New and existing users | Assignment rules configured and a matching rule found | Based on the first matching rule |
| 3 | Existing user | Role X | New users only, or the Add Ignore role assignment rules checkbox under the user settings is enabled | N/A – assignment rules will not be evaluated | Assigned role will remain as is (Role X) |
| 4 | Existing user | Role X | New and existing users | Either one of the following: No assignment rules configured; Assignment rules configured, but no matching rule found | Assigned role will remain as is (i.e., Role X) |
| 5 | Existing user | Role X | New and existing users | Assignment rules configured and a matching rule found | Based on the first matching rule |
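
The role assignment logic above, modeled as an added example (not Axonius code) for checking which role a login ends up with. The rule shape (one identity provider attribute value mapped to a role), the role names, the `ignore_rules` flag name and the sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass

NEW_ONLY = "New users only"
NEW_AND_EXISTING = "New and existing users"

@dataclass
class Rule:
    # Hypothetical rule shape: one IdP attribute value mapped to a role.
    attribute: str
    value: str
    role: str

def first_match(rules, attrs):
    """Role of the first rule whose value appears in the user's attributes, else None."""
    for rule in rules:
        if rule.value in attrs.get(rule.attribute, []):
            return rule.role
    return None

def resolve_role(current_role, attrs, rules, evaluate_on, default_role,
                 ignore_rules=False):
    """Model of the five table rows; current_role is None on a first login."""
    if current_role is None:
        # Rows 1-2: new users are evaluated for either evaluate_on value.
        return first_match(rules, attrs) or default_role
    if evaluate_on == NEW_ONLY or ignore_rules:
        # Row 3: rules are not evaluated, the role stays as is.
        return current_role
    # Rows 4-5: the role changes only when a rule matches.
    return first_match(rules, attrs) or current_role

# Constructed sample rules and role names, ordered as they would be evaluated.
RULES = [Rule("groups", "sec-admins", "Admin"),
         Rule("groups", "sec-team", "Viewer")]

def audit(logins, rules, evaluate_on, default_role="Restricted"):
    """Return {user: resulting role} for (user, current_role, attrs, ignore) tuples."""
    return {user: resolve_role(cur, attrs, rules, evaluate_on, default_role, ign)
            for user, cur, attrs, ign in logins}

if __name__ == "__main__":
    logins = [  # constructed sample logins
        ("alice", None, {"groups": ["sec-team", "sec-admins"]}, False),
        ("bob", None, {"groups": []}, False),
        ("carol", "Admin", {"groups": ["sec-team"]}, False),
        ("dave", "Admin", {"groups": []}, False),
    ]
    for mode in (NEW_ONLY, NEW_AND_EXISTING):
        print(mode, audit(logins, RULES, mode))
```

In this model, rows 3 and 4 are the cases to review for least privilege: an existing user keeps Role X whenever rules are not evaluated or no rule matches.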
