AssetSonar SAML Single Sign-On (SSO) integration

This topic describes how to configure AssetSonar for SAML SSO in CyberArk Identity.

AssetSonar SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

Prerequisites for AssetSonar SSO

Before you configure AssetSonar for SSO, you need the following information:

  • The AssetSonar domain single sign-on URL in the following format:

    https://<organization-name>.assetsonar.com

    For example: https://cyberark.assetsonar.com.

  • The generic SP Entity ID: https://www.assetsonar.com

  • An administrator account and users created for SSO in AssetSonar

Configure the AssetSonar application template in the Identity Administration portal

Step 1: Add the AssetSonar web app template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page

  1. Click Trust to go to the Trust page.
  2. Copy the value in the IdP Entity ID field, then download the Signing certificate. You will need this information later when you configure the AssetSonar application.

  3. In the Service Provider Configuration section, select Manual Configuration, then review the following pre-configured SAML settings. Click Save after you finish.

    Setting                                Description
    SP Entity ID                           https://www.assetsonar.com
    Assertion Consumer Service (ACS) URL   Obtain this URL from the AssetSonar application when you complete the steps in Configure AssetSonar for SAML single sign-on. For example: https://cyberark.assetsonar.com/users/auth/saml/callback

Step 3: Configure the SAML Response page

  1. Verify the following attributes with the AssetSonar attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column. Enter the same attributes in the AssetSonar application when you Configure AssetSonar for SAML single sign-on.

    Attributes are case-sensitive.

    Attribute Name   Attribute Value
    email            LoginUser.Email
    first_name       LoginUser.FirstName
    last_name        LoginUser.LastName
  2. Map any other attributes that you want to pass in the SAML response, then click Save.
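
One way to confirm the Step 2 and Step 3 settings on a test sign-in, as an added example that is not part of the CyberArk or AssetSonar documentation: decode the base64 SAMLResponse form field posted to the ACS URL and compare its Audience, Recipient, and case-sensitive attribute names with the values above. The function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://www.assetsonar.com"            # SP Entity ID from Step 2
REQUIRED_ATTRS = {"email", "first_name", "last_name"}  # Attribute Name column, Step 3

def check_response(b64_response, acs_url):
    """List mismatches between a captured SAMLResponse and the documented settings.
    Configuration aid only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audiences = {(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)}
    if SP_ENTITY_ID not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks {SP_ENTITY_ID!r}")
    recipients = {e.get("Recipient", "")
                  for e in root.iterfind(".//a:SubjectConfirmationData", NS)}
    if acs_url not in recipients:
        problems.append(f"Recipient {sorted(recipients)} is not the ACS URL {acs_url!r}")
    names = {e.get("Name", "") for e in root.iterfind(".//a:Attribute", NS)}
    for want in sorted(REQUIRED_ATTRS - names):
        # Attribute names are case-sensitive, so report near misses explicitly.
        near = sorted(n for n in names if n.lower() == want)
        hint = f" (found {near[0]!r}, which differs only in case)" if near else ""
        problems.append(f"missing attribute {want!r}{hint}")
    return problems

def build_sample(attr_names, acs_url):
    """Constructed, unsigned response for the demo; not captured from a real IdP."""
    attrs = "".join(
        f'<a:Attribute Name="{n}"><a:AttributeValue>x</a:AttributeValue></a:Attribute>'
        for n in attr_names)
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}"><a:Assertion>'
           f'<a:Subject><a:SubjectConfirmation>'
           f'<a:SubjectConfirmationData Recipient="{acs_url}"/>'
           f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{SP_ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    acs = "https://cyberark.assetsonar.com/users/auth/saml/callback"  # example from Step 2
    for names in (["email", "first_name", "last_name"],
                  ["email", "First_Name", "last_name"]):
        print(names, "->", check_response(build_sample(names, acs), acs) or "OK")
```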

Step 4: Configure the Permissions page to grant AssetSonar users SSO access

Grant SSO access to AssetSonar by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 5: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure AssetSonar for SAML single sign-on

Perform these steps in AssetSonar to configure the AssetSonar application template for SSO.

  1. Sign in to AssetSonar as an administrator.

  2. Go to Settings > Add Ons > SAML Integration.

  3. Paste the IdP Entity ID that you copied from the CyberArk IdP configuration into the Identity Provider URL field in AssetSonar.

  4. Open the Signing certificate file that you downloaded from the CyberArk IdP, copy the certificate, and paste it into the Identity Provider Certificate field in AssetSonar.

  5. In the Login button text field, enter text to appear on the sign-in screen login button. For example: Access through SAML SSO

  6. Fill in the following SAML attributes used in the Configure the SAML Response page steps:

    • LoginUser.firstName

    • LoginUser.last_name

    • LoginUser.emailaddress

  7. Click Save.

Test the AssetSonar SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and AssetSonar, AssetSonar users can benefit from SP-initiated SSO.

To test IdP-initiated SSO:
  1. Sign in to the CyberArk Identity User Portal with the user account you just added.

  2. Click the AssetSonar application tile to launch AssetSonar in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to your organization's AssetSonar SSO URL. For example:

    https://cyberark.assetsonar.com

  2. Enter your email address, then click Next.

    You are redirected to the IdP. After successful authentication, you are redirected back to AssetSonar, which displays the web interface.