Net-Inspect Single Sign-On (SSO) Setup
Net-Inspect Single Sign-On (SSO) Configuration Guide
Net-Inspect accounts can be configured to use Single Sign-On (SSO) as a method of authenticating users. Authentication can be limited to SSO only, or allowed through both SSO and the traditional username/password/company/MFA login methods. Please reach out to helpdesk@net-inspect.com if you would like a Metadata file to import into your own system.
Information Required for SSO Configuration
To configure your account(s) for SSO, please submit a ticket to Net-Inspect with the following information:
- Identity Provider Public Key/Certificate (Base64 encoded) (Required)
- SAML Entity Id (Issuer) (Required)
- Logout Redirect URI (Optional)
- Identity Provider Location URL (Required for SP-Initiated SSO)
- Identity Provider Binding (Required for SP-Initiated SSO)
After Net-Inspect completes the configuration, you will be contacted to validate the configuration by testing sign-in via SSO.
SAML Response Requirements
To successfully establish a connection between your identity provider and Net-Inspect, the following SAML Response requirements must be met:
- SAML 2.0 using Form POST
- SAML Response must be signed
- SAML Response must have a single Assertion with NameID = Net-Inspect User ID
- SAML Assertion must have proper NotBefore and NotOnOrAfter conditions
- SAML Response must be posted to the consumer service URL: https://www.net-inspect.com/Authentication/WSSO
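The following pre-flight check is an added example, not Net-Inspect's code: it lints a decoded SAML Response from your identity provider against the structural requirements listed above. The function name, the sample message and the handling of the Destination attribute are assumptions; it only checks that a signature element is present and does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://www.net-inspect.com/Authentication/WSSO"  # from this guide

def _ts(value):
    # SAML instants are UTC xs:dateTime values such as 2030-01-01T12:00:00Z
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)

def lint_saml_response(xml_text, now=None):
    """Return a list of problems (empty list = structure matches the guide).
    Structural only: presence of ds:Signature is checked, not its validity."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not a SAML 2.0 Response"]
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    # Assumption: Destination is compared only when the IdP sets it
    if root.get("Destination") not in (None, ACS_URL):
        problems.append("Destination is not the consumer service URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected 1 Assertion, found %d" % len(assertions)]
    name_id = assertions[0].find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    cond = assertions[0].find("saml:Conditions", NS)
    attrs = {} if cond is None else cond.attrib
    if not attrs.get("NotBefore") or not attrs.get("NotOnOrAfter"):
        problems.append("Conditions lack NotBefore/NotOnOrAfter")
    elif not _ts(attrs["NotBefore"]) <= now < _ts(attrs["NotOnOrAfter"]):
        problems.append("assertion is outside its validity window")
    return problems

# Constructed sample: placeholder signature element and a made-up user ID
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://www.net-inspect.com/Authentication/WSSO"><ds:Signature/>
 <saml:Assertion><saml:Subject><saml:NameID>user123</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2030-01-01T12:00:00Z" NotOnOrAfter="2030-01-01T12:05:00Z"/>
 </saml:Assertion></samlp:Response>"""
```

Feed it the base64-decoded SAMLResponse form value captured from your own identity provider during testing; an empty list means the message has the shape this guide requires.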
Testing Scenarios for SSO
SP-Initiated SSO Testing
Net-Inspect provides a button within the user account, on the Company Setup -> Access Control Setup page, to test the SP-initiated SSO setup.
Note: SP-Initiated Login is only available when session lock is enabled and for applications utilizing our API and SSO login. SP-Initiated login is not available for users to sign in to Net-Inspect directly from the login page.
IdP-Initiated SSO Testing
- Basic IdP-Initiated SSO:
  - Navigate to your identity provider's login page.
  - Authenticate yourself using the identity provider's login credentials.
  - Ensure that the identity provider sends a SAML response to Net-Inspect.
  - Verify that Net-Inspect successfully receives and verifies the SAML response.
  - Confirm that Net-Inspect grants access to the application upon successful authentication.
- Logout and Re-login:
  - After successfully logging in via IdP-initiated SSO, log out from Net-Inspect.
  - Navigate back to the identity provider's login page and reauthenticate.
  - Ensure that a new SAML response is sent and received by Net-Inspect.
  - Verify that Net-Inspect grants access upon successful reauthentication.
Contact Information
For any questions or to request a Metadata file, please contact Net-Inspect support at helpdesk@net-inspect.com.
For companies with Multi-Factor Authentication requirements, we have additional requirements here.