SentinelOne - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate SentinelOne with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure
  1. Enable My Page SSO by accessing the RSA Cloud Admin Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
  2. On the Applications > Application Catalog page, click Create From Template.
  3. On the Choose Connector Template page, click Select for SAML Direct.
  4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
  5. In the Connection Profile section, select the IdP-initiated option.
  6. Provide the Service Provider details in the following format: 
    1. Assertion Consumer Service (ACS) URL: https://<tenant ID>.sentinelone.net/web/api/v2.0/users/login/sso-saml2/<application ID>.
    2. Service Provider Entity ID: https://<tenant ID>.sentinelone.net/sso_service_provider/<application ID>.
Refer to the Notes section to obtain the Tenant ID and Application ID.
  7. In the SAML Request Protection section, select the SP signs SAML requests checkbox. Then, click Choose File to select the certificate obtained from the SP.
  8. In the SAML Response Protection section, select IdP signs entire SAML response, and download the certificate by clicking Download Certificate.
  9. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows: 
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect
  10. Click Next Step.
  11. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
  12. On the My Applications page, click the Edit dropdown and select Export Metadata to download the metadata.
  13. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Notes

To obtain the Assertion Consumer Service URL, Entity ID, and certificate from SentinelOne, follow this step:
  1. Go to Admin dashboard > Settings > Integration > SSO. Copy the URLs and download the certificate for the IdP configuration.

Configure SentinelOne

Perform these steps to configure SentinelOne.
Procedure
  1. Log in to SentinelOne using Advanced or Enterprise credentials - https://SentinelOne.com
  2. Click Settings at the bottom left corner of the dashboard.
  3. Click the INTEGRATIONS tab, select SSO, then click the Enable SSO toggle button.
  4. Click Add Domain and provide a domain name.
  5. Provide the following details and select the Sign SAML Request checkbox.
    1. IDP Redirect URL: The value of SingleSignOnService, obtainable from the metadata file downloaded from the RSA platform.
    2. IssuerID: The value of EntityID, obtainable from the metadata file downloaded from the RSA platform.
    3. IDP Public Certificate: Upload the certificate downloaded from the RSA platform.
  6. Select IDP Authentication and click the Test button.
  7. After the SSO Test passed! message appears, click Save.
The configuration is complete.