Azure AD + SAML

Instructions for Configuration of Azure Active Directory & SAML as an Authentication Server with InsightCloudSec

Overview

This page provides instructions for configuring Azure Active Directory (AD) with Security Assertion Markup Language (SAML) as an authentication server. For questions or concerns regarding these instructions or other Azure-configuration-related issues, reach out to us at [email protected].

We also provide support for Azure Active Directory and Azure Active Directory - Just-in-Time Provisioning. Refer to those individual pages for configuration details for these authentication options.

📘

Value Names (DivvyCloud vs. InsightCloudSec)

Some examples, screen captures, and components use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.

Prerequisites

Before getting started with this installation, you must have the following:

  • A functioning InsightCloudSec platform (20.4.4 or later)
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative credentials to your Azure Portal and an active Azure AD subscription

📘

Before Getting Started

Completing this setup requires a lot of back and forth between your Azure Console and InsightCloudSec; each step where this changes is clearly specified.

We recommend that you plan on enough time (approximately 15-20 minutes) to complete the process before you start so you don't lose the work and have to start over.

Steps to Complete

Refer to the steps below to complete the Azure AD SAML installation process.

1. Log in to your Microsoft Azure portal and navigate to "Azure Active Directory → Enterprise applications".

Enterprise Applications

2. Next, click “New application”, then click "Create your own application" and name it InsightCloudSec/DivvyCloud. Ensure the "Integrate any other application you don't find in the gallery (Non-gallery)" option is selected, and click "Create".

Add Application Field

3. Navigate to the new application pane ("Azure Active Directory → Enterprise applications → InsightCloudSec/DivvyCloud").

New Application Pane

4. On the left-side column under "Manage," select "Single sign-on."

Single Sign-on Field

5. Next, select the "SAML" box.

SAML Box

6. The "Set up Single Sign-On with SAML" page will appear, as shown below.

Basic SAML Configuration Page

7. In a different browser tab navigate to your InsightCloudSec instance, then click "Administration → Identity Management → Authentication Servers."

Administrators and Identity Management Tabs

8. Click "Add Server" and the "Create Authentication Server" window will appear. Provide a server nickname and select "SAML" from the drop-down menu.

Create Authentication Server Menu

9. Selecting "SAML" will expand this dialog box, which contains the required URL for this configuration.

  • Note: Copy the "Assertion Consumer Service URL".

10. Return to the Azure console and click "Edit" (pencil icon) next to section 1 ("Basic SAML Configuration").

  • Insert the base URL for your InsightCloudSec/DivvyCloud instance in the "Entity ID" box and then insert the Assertion Consumer Service URL (from the previous step) into the "Reply URL (Assertion Consumer Service URL)" box.

Entity ID and Reply URL Boxes

11. Edit section 2 as necessary ("User Attributes & Claims").

12. In section 4 ("Set up InsightCloudSec/DivvyCloud"), copy the "Azure AD Identifier":

Azure AD Identifier

13. In your InsightCloudSec instance, paste the Azure AD Identifier into the field shown below.

InsightCloudSec - Adding Metadata

14. In the Azure console, copy the "Login URL":

Azure Console - Login URL

15. In your InsightCloudSec instance, paste the Login URL into the field shown below:

InsightCloudSec - Azure URL

16. In the Azure console, download the "Certificate (Base64)" from Azure and open it in a text editor.

  • Copy the entire certificate.

Azure Console - Certificate Base64

17. In your InsightCloudSec instance, paste the certificate into the field shown below:

InsightCloudSec - Add Certification Details

18. Paste the following URN value into the field shown in the image below:

  • urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

InsightCloudSec - NameID

19. Ensure the "dontSendSubject" checkbox in the attributes list is selected.

20. Ensure the "Don't Send RequestedAuthnContext" and "Send Custom RequestedAuthnContext" checkboxes remain unchecked.

InsightCloudSec - Verify selections on the form

❗️

Requested Authentication Context Issues

If you are experiencing errors while logging in and not sending any Requested Authentication Context, please contact support. The error will look something like the image below:

Requested Authentication Context Error

21. Navigate to the bottom of the dialog and click "Submit".

Submit Button

22. Return to the Azure console and select the "Test" button.

Azure Console - Test Single Sign-on With InsightCloudSec Page

23. Ensure the current user has a role in this application and then press the "Sign in as current user" button. (Verify that the token is generated and returned.)

Azure Console - Sign in as Current User Interface

24. You should now be logged into InsightCloudSec with your account activated.
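
As an added example (not part of the InsightCloudSec documentation or product), the following Python pre-flight check validates the values exchanged in steps 9-18 before you click "Submit", catching a truncated certificate paste, a non-HTTPS Assertion Consumer Service URL, or an Azure AD Identifier and Login URL from different tenants. It assumes the Azure public-cloud URL shapes for the Azure AD Identifier and Login URL and that the ACS URL is on the same host as the Entity ID; the host, ACS path, tenant GUID and certificate bytes are constructed placeholders.

```python
import base64
import re
from urllib.parse import urlparse

NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"  # step 18
GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
PEM = re.compile(r"\A-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                 r"\s*-----END CERTIFICATE-----\Z")

def der_complete(der):
    """True if the bytes are one DER SEQUENCE whose declared length matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F  # long form: n bytes carry the length
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_saml_values(entity_id, acs_url, idp_id, login_url, cert_pem, nameid):
    """Return the problems found in the values gathered in steps 9-18."""
    problems = []
    ent, acs = urlparse(entity_id), urlparse(acs_url)
    if acs.scheme != "https" or ent.netloc != acs.netloc:
        problems.append("ACS URL must be https and on the Entity ID host")
    # Assumed Azure public-cloud URL shapes; other clouds use different hosts.
    idp = re.fullmatch(rf"https://sts\.windows\.net/({GUID})/?", idp_id)
    login = re.fullmatch(rf"https://login\.microsoftonline\.com/({GUID})/saml2", login_url)
    if not idp or not login:
        problems.append("Azure AD Identifier or Login URL has an unexpected form")
    elif idp.group(1).lower() != login.group(1).lower():
        problems.append("Identifier and Login URL name different tenants")
    m = PEM.match(cert_pem.strip())
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True) if m else b""
    except ValueError:  # binascii.Error: bad alphabet or padding
        der = b""
    if not der_complete(der):
        problems.append("certificate is not one complete Base64 PEM block")
    if nameid != NAMEID:
        problems.append("NameID format differs from the documented URN")
    return problems

# Constructed sample input: placeholder host, path, tenant; dummy DER, not a real certificate.
TENANT = "11111111-2222-3333-4444-555555555555"
BODY = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(256)).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{BODY}-----END CERTIFICATE-----\n"
GOOD = ["https://ics.example.com", "https://ics.example.com/saml/acs",
        f"https://sts.windows.net/{TENANT}/",
        f"https://login.microsoftonline.com/{TENANT}/saml2", SAMPLE_PEM, NAMEID]
```

Call `check_saml_values(...)` with your own six values; an empty list means every check passed. The DER check only confirms the paste is structurally complete, not that the certificate is the one Azure issued or that it is unexpired.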
