SentinelOne - SAML Relying Party Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate RSA with SentinelOne using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to SentinelOne.
Procedure
  1. Sign in to the RSA Cloud Administration Console.
  2. Navigate to the Authentication Clients menu, and from the dropdown, select Relying Parties.
  3. In the Relying Party Catalog, select Add a Relying Party and click Add for Service Provider SAML.
  4. On the Basic Information page, enter a name for the application in the Name field and click Next Step.
  5. In the Authentication tab, select SecurID manages all authentication.
  6. Select the Primary Authentication Method and Access Policy for Additional Authentication as required and click Next Step.
  7. Provide the Service Provider details in the following format: 
    1. Assertion Consumer Service (ACS) URL: https://<tenant ID>.sentinelone.net/web/api/v2.0/users/login/sso-saml2/<application ID>
    2. Service Provider Entity ID: https://<tenant ID>.sentinelone.net/sso_service_provider/<application ID>
Refer to the Notes section to obtain the Tenant ID and Application ID.
  8. In the SAML Request Protection section, select the SP signs SAML requests checkbox. Then, click Choose File to select the certificate obtained from the SP.
  9. In the SAML Response Protection section, select IdP signs assertion within response, and download the certificate by clicking Download Certificate.
  10. Under the User Identity section, select Show Advanced Configuration, then configure Identifier Type and Property as follows:
    1. Identifier Type: Auto Detect 
    2. Property: Auto Detect
  11. Click Save and Finish.
  12. On the My Relying Parties page, click the Edit dropdown and select the Metadata option to download the metadata.
  13. Click Publish Changes to save your settings. After publishing, your application will be enabled for SSO.

Notes

To obtain the Assertion Consumer Service URL, Entity ID, and certificate from SentinelOne, follow this step:
  1. Go to Admin dashboard > Settings > Integration > SSO. Copy the URLs and download the certificate for the IdP configuration.

Configure SentinelOne

Perform these steps to configure SentinelOne.
Procedure
  1. Log in to SentinelOne using Advanced or Enterprise credentials - https://SentinelOne.com
  2. Click Settings at the bottom left corner of the dashboard.
  3. Click the INTEGRATIONS tab, select SSO, then click the Enable SSO toggle button.
  4. Click Add Domain and provide a domain name.
  5. Provide the following details and select the Sign SAML Request checkbox.
    1. IDP Redirect URL: The value of SingleSignOnService, obtainable from the metadata file downloaded from the RSA platform.
    2. IssuerID: The value of EntityID, obtainable from the metadata file downloaded from the RSA platform.
    3. IDP Public Certificate: Upload the certificate downloaded from the RSA platform.
  6. Select IDP Authentication and click the Test button.
  7. After the SSO Test passed! message appears, click Save.
The configuration is complete.