Okta Classic Engine · Single Sign-On · Answered · 2020-03-31

ScottS.89055 (Customer) asked a question.

SAML 2.0 integration with Tenable.io?

Has anyone successfully integrated Okta with Tenable.io for SAML 2.0? How do I accomplish this? All I can find on the topic is the following Tenable link, and it's just not detailed enough for me to understand how I am supposed to complete the setup of the custom SAML app in Okta.

 

https://community.tenable.com/s/article/Configure-SAML-and-SSO-for-Tenable-io


  • ScottS.89055 (Customer)

    I figured it out. Here are the steps I used for anyone else that comes across this:

     

    1. In the Okta admin portal, add a new application.
    2. Select the option to Create New App.
    3. Set the Platform to Web and the Sign On Method to SAML 2.0, then press Create.
    4. Name the app whatever you want, e.g. Tenable.io, and set a custom icon if desired, then press Next.
    5. For the Single sign on URL, enter https://cloud.tenable.com/saml/login/. NOTE: You will need to change this later.
    6. For the Audience URI (SP Entity ID), enter NessusCloud.
    7. Leave all other settings at their defaults and press Next.
    8. Go to the settings for the newly created app in the Okta admin portal.
    9. Go to the Sign On section of the app configuration.
    10. Right-click Identity Provider Metadata in the SAML 2.0 section and choose the option to save the link as a file (the option name is browser-dependent). This will save an XML file named metadata (no extension) to disk.
    11. Rename the file downloaded in step 10 to idp.xml.
    12. Create a Tenable support case requesting they enable SAML for your Tenable.io tenant, attach idp.xml to the case, and supply a valid Tenable.io username for your tenant (e.g. your own) in the case notes.
    13. When Tenable support supplies the service provider metadata XML file (mine was named metadata (27).xml) as a response to your support case, open the XML file with a text editor and get the full, correct Single sign on URL from the XML from the Location attribute in the md:AssertionConsumerService tag.
    14. In the Okta admin portal, go to the new app's configuration and go to the General section.
    15. Press Edit in the SAML Settings section.
    16. Press Next to skip to Configure SAML.
    17. Replace the Single sign on URL with the URL retrieved in step 13 from the XML supplied by Tenable support.
    18. Press Next.
    19. Press Finish.

     

    The custom Tenable.io SAML 2.0 Okta app is now ready for assignment and use.

    Selected as Best
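
Added example, not part of the original post and not Okta's or Tenable's code: a Python check for step 13 that reads the `Location` attribute of `md:AssertionConsumerService` from the service provider metadata and confirms it is safe to paste into Okta in step 17. The sample metadata and its placeholder URL are constructed; the script assumes the metadata `entityID` equals the Audience URI from step 6 and that the endpoint uses the HTTP-POST binding.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample; real SP metadata comes from the support case (step 13).
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="NessusCloud">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/login/PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def acs_settings(metadata_xml, expected_audience="NessusCloud"):
    """Return the values for Okta's 'Single sign on URL' and 'Audience URI' fields."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    path = f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService"
    post = [e for e in root.findall(path) if e.get("Binding") == HTTP_POST]
    if not post:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    # Prefer the endpoint marked isDefault="true", then the lowest index.
    post.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    location = post[0].get("Location", "")
    url = urlparse(location)
    # The ACS URL receives signed assertions; it must be an absolute HTTPS URL.
    if url.scheme != "https" or not url.netloc:
        raise ValueError(f"ACS Location is not an absolute https URL: {location!r}")
    warnings = []
    entity_id = root.get("entityID")
    if entity_id != expected_audience:
        warnings.append(f"entityID {entity_id!r} differs from Audience URI {expected_audience!r}")
    return {"sso_url": location, "audience": entity_id, "warnings": warnings}

if __name__ == "__main__":
    print(acs_settings(SAMPLE_SP_METADATA))
```
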
This question is closed.