Last Updated: 2026-01-05
Purpose
This article provides setup information on the Identity Provider (IdP) integration.
Introduction
An Identity Provider (IdP) offers user authentication as a service. It is a trusted provider that allows the use of Single Sign-On (SSO) to access other applications. SSO enhances the usability by reducing password fatigue, as passwords are maintained on your IdP.
Setting Up Identity Provider
To enable SSO on OUTSCAN or HIAB, you must import meta-data from your IdP into the solution. You also need to export the service provider’s meta-data from OUTSCAN or HIAB and import it to your IdP.
While reading the response from IdP during signing in to our portal, we accept signed assertions with parameters. The parameters list which your IdP is returning in response must include your user name in a parameter. By default it is set to parameter named uid but you can set up to different parameter (eg Subject attribute).
To set up Identity Provider:
-
Go to Menu > Settings > Integrations and select the Identity Provider tab.
-
Provide the below information to enable Identity Provider (IdP):
|
Option |
Description |
||
|---|---|---|---|
|
Enabled |
Select the Enabled checkbox to enable the protocol for single sign-on trusting another source to log in. |
||
|
Use one or both of the following option to provide metadata of IdP: |
|||
|
Get metadata from file |
Select Identity provider’s metadata file by clicking the + symbol beside the field. Metadata contains information such as how it works, what type of login is acceptable and so on. |
||
|
Get metadata from URL |
Provide a URL from which the OUTSCAN or HIAB (Service Provider) should fetch metadata from IdP. |
||
|
Subject attribute |
Enter uid string if you want to use USERNAME that is not an email address. This field cannot be left empty. Subject attribute considerations uid is a reserved name in Outpost24 software to truncate the USERNAME to the part below the @ sign, meaning that if you want to use email address as USERNAME, you can not use uid as Subject attribute, but you can use any other string (such as emailAddress). The parameter name must be typed as expected in the SAML authentication response (one single word starting with lowercase and may include some upper cases (eg camelCase)).
|
||
|
Signature hash algorithm |
Select between SHA-256 or SHA-1. |
||
|
Direct access to portal |
SSO binds you respectively to Portal UI or NetSec UI when box is checked or not checked. If 'Direct access to portal' appears in grey then you cannot use this capability unless you update the SP metadata on your Identity Provider. For that you need first to download the SP Metadata by clicking on SP Metadata button and then make sure to upload it on your IdP. Once done you can then select option to be directed to either NetSec or Portal UI. If 'Direct access to portal' appears in grey then only SP initiated SSO is available. If you need to enable IdP initiated SSO then you have to download the SP Metadata by clicking on SP Metadata button and then make sure to upload it on your IdP. Once done you can then perform Single Sign On from the Identity Portal side. |
||
|
Authentication with password |
Enable this flag when users authenticate with a password. |
||
|
IDP Metadata |
Click this button to display the currently uploaded metadata of the Identity Provider. |
||
|
SP Metadata |
Click on this button to display the service provider’s metadata. |
||
-
After enabling the required settings, click Save to save the current settings.
-
Click Reset to fully remove the current settings. This disables the integration.
Related Article
- Windows 10/Windows 2019 Server
- HIAB Updates
- General Information about SMB/WinRM Scanning
- Change Risk Levels
- Removing an Agent from Windows
- ServiceNow - Legacy
- Windows 8.1
- Netsec Filters
- Discovering the Agent in OUTSCAN
- Technical Specification
- Account Settings
- How to Test SMB Authentication
- Windows 2016 Server
- Identity Provider Settings
- HIAB Server Settings
- Installing a Linux Agent
- Okta Identity Provider Configuration
- Scanning-Less Scanning
- Check Connectivity to Agent Server
- Scan Scheduling Errors
- Overview
- Event Notification Module
- HIAB Maintenance Settings
- HIAB Deployment Guide
- Database Connector (HIAB only)
- Azure AD Identity Provider Configuration
- Add Comments
- Target Groups
- Checking if Agent is Running
- Core Installation
- Windows 2008 R2 Server
- Agent Installation Introduction
- Automatic Asset Joining With Netsec
- Manage Users
- Firewall Setup for Agents
- Scanning Range
- SNMP (HIAB only)
- ADFS Identity Provider Configuration
- Splunk
- Agent Call Home
- Advanced Report Filters
- Accept Risks
- SMB Authentication from OUTSCAN/HIAB
- Virtual HIAB Appliance
- Using the Agent Info Command
- Amazon
- User Roles
- Removing an Agent from Linux
- Retrieving the Agent UUID
- Atlassian Jira
- Understanding Scanner and Scheduler
- Finding the Agent Version
- Create and Edit Event Notifications
- Installing a macOS Agent
- Syslog (HIAB only)
- Setting Up an Agent Using System Proxy
- ServiceNow - App
- Thycotic
- DNS Lookup in UI and in Console
- HIAB Console
- Auditing Guide
- Adding Agent Attributes
- HIAB Distribution Settings
- Run Verification Scans
- Agent Latest Version
- Finding New Agents In OUTSCAN
- Setting up a HIAB as an Appsec Scale Scanner
- Checking Schedules from OUTSCAN in Agent
- Hardening the HIAB
- Performing a PCI DSS Scan
- Two Factor Authentication
- Attributes
- Firewall Rules
- HIAB Enrollment
- Supported Platforms for Authenticated SSH Scanning
- Authenticated Scanning Using WinRM
- OneLogin Identity Provider Configuration
- Windows 7
- HIAB Remote Support
- Compliance Scanning
- Manage Targets
- Assign Tasks
- Authenticated Scanning Using SSH
- Tickets Quick Start Guide
- Retrieving Results From the Agent in OUTSCAN
- Appliance Logs
- Converting Normal with Webapp Scans (Netsec) to Portal Workflows
- Updating the Agent
- Troubleshooting SMB Authentication
- Agent Licensing
- Mark as False Positives
- Installing a Windows Agent
- Using Farsight in Netsec
- Testing Target System for Open TCP Ports
- HIAB Restore
- Scan Stages
- Request Clarifications
- HIAB Setup Guide
- Updating Agent Attributes
- CyberArk
- LDAP/AD
- Checking if the Agent has Produced Results
- ArcSight (HIAB only)
- HIAB E-mail Whitelisting
- Adjust Identity Provider SAML Metadata File
- Scanning Critical Industrial Devices/Machines
- Reporting Tools
- Scan Scheduling
- Scanning Performance and Impact Tuning
- PCI Compliance Scanning
- Configuring and Accessing the HIAB console using SSH
- User Groups
- Create Users
- HIAB Remote SSH Guide
- Download Agents
- Create Targets
- Windows 2012 R2 Server
- HIAB Backup
- Report Scheduling
- Access Tokens
- O24AUTH
- Complementary Authenticated Scan on Default Credentials
- Authenticated Scanning Using SMB
- Dynamic Target Group