SAML SSO Integration
Overview
DefensX supports both Service Provider (SP)-initiated and Identity Provider (IdP)-initiated SAML SSO flows, providing the flexibility needed to support a wide range of authentication scenarios.
If your Identity Provider supports modern Federation Metadata URL functionality, you can complete the SAML integration in just two simple steps by exchanging metadata URLs between DefensX and your IdP.
Alternatively, you can perform a manual setup by downloading and uploading the metadata XML files between both systems.
Generic Instructions
Regardless of your Identity Provider, all SAML SSO configurations require a few essential elements. The naming and steps may vary slightly depending on the IdP, but the core components remain the same.
Key Concepts
- In this configuration, DefensX acts as the Service Provider (SP), and your system (e.g., Okta, Azure AD, ADFS) is the Identity Provider (IdP).
- You will need to configure the following on your IdP:
  - DefensX Identifier (also known as Entity ID)
  - Assertion Consumer Service (ACS) URL (may also be referred to as the Reply URL)
  - DefensX public signing certificate (optional for some IdPs)
- On the DefensX side, you’ll need to provide:
  - Your IdP’s Entity ID
  - The IdP’s public certificate
Configuration Methods
Method 1: Federation Metadata URL (Recommended)
If both DefensX and your Identity Provider support Federation Metadata URLs, setup becomes extremely simple. Just exchange the metadata URLs between DefensX and your IdP—no manual data entry required. All necessary fields (Entity ID, ACS URL, certificates) will be auto-populated.
Method 2: Metadata XML Upload
If your Identity Provider supports metadata file uploads but does not accept metadata via URL, you can download the DefensX Metadata XML file and upload it to your IdP. This also automates the setup by importing all necessary values.
Method 3: Manual Configuration
If your Identity Provider does not support metadata URL or file-based configuration, you will need to manually copy and paste the following information into your IdP settings:
- DefensX Identifier (Entity ID)
- ACS URL (Reply URL)
- DefensX Public Certificate
Then, enter your IdP’s Entity ID and Certificate into the corresponding fields in the DefensX admin portal.
Microsoft Entra ID Integration
To configure SAML SSO integration with Microsoft Entra ID, follow the steps below:
- Navigate to the Entra Admin Portal and go to Enterprise Applications.
- Click + New Application.
- In the pane that appears on the right, click Create your own application.
- Enter a descriptive name in the What’s the name of your app? field (e.g., DefensX SAML SSO).
- For the prompt What are you looking to do with your application?, select the third option: Integrate any other application you don’t find in the gallery (Non-gallery) and click on the Create button.
Once the application is created:
- In the application’s Overview page, under the Manage section, click Single sign-on.
- Select SAML as the single sign-on method.
- Now, in a separate tab, open the DefensX Admin Portal, navigate to Settings → SAML SSO Integration, and click Enable SAML Integration.
- Because Microsoft Entra only supports uploading metadata XML, click Download Federation Metadata XML in the DefensX portal.
- Return to the Microsoft Entra Admin Portal and click Upload metadata file.
- Select the metadata XML file you downloaded from DefensX and click Add.
- A panel will appear on the right. Wait a few seconds, then click Save to confirm.
- If a prompt appears asking "Test single sign-on with DefensX?", choose No, I’ll test later since the configuration isn’t complete yet.
- After uploading the metadata, the Identifier (Entity ID) and Reply URL (ACS) fields will be automatically populated.
- Copy the App Federation Metadata URL from Microsoft Entra and paste it into the IdP Federation Metadata URL field in the DefensX configuration screen.
- Leave the remaining fields as default and click Update in the DefensX portal to complete the integration.
Optional: Customize and Manage Access
- You may optionally update the logo for the newly created DefensX application in the Entra portal.
- Like other enterprise applications, you can control user access, assign groups, and define whether user assignment is required.
Okta Integration
To configure SAML SSO integration with Okta, follow the steps below:
- Log in to the Okta Admin Console, navigate to Applications → Applications, and click the Create App Integration button.
- On the next screen, choose SAML 2.0 as the Sign-in method, then click Next.
- Enter a descriptive name such as DefensX SAML in the App name field. Optionally, you can upload the DefensX logo.
- Click Next to proceed.
- In a new browser tab, open the DefensX Admin Portal and go to Settings → SAML SSO Integration.
- Click Enable SAML SSO Integration to reveal the required information.
Back in the Okta configuration screen:

- Copy the DefensX ACS URL and paste it into the Single sign-on URL field in Okta.
- Copy the DefensX Identifier (Entity ID) and paste it into the Audience URI (SP Entity ID) field.
- Set the Application username field to Email.
- Scroll down and click Next.
- For the App type, select the This is an internal app that we have created option and click Finish.
- On the application’s Sign On tab in Okta, locate the Metadata URL and copy it.
- Return to the DefensX Admin Portal and paste this URL into the IdP Federation Metadata URL field.
- Leave the other fields as default and click the Update button to complete the setup on the DefensX side.
- Assign users or user groups to the newly created DefensX SAML application from the Assignments tab in Okta. You can control which users have access based on your organizational needs.