Entra ID


Requirements

  • Linux Control Center version 2.12.X or higher

  • Pre-configured Single Sign-On (SSO) Provider

Overview

Linux Control Center allows you to configure a Single Sign-On (SSO) provider for the Console, offering secure and convenient access. LCC supports authentication via LDAP and SAML.

  • See the image representing the authentication flow.

Objective

The objective of this document is to provide a step-by-step guide to configure an access provider to the LCC Console using a SAML provider.

Microsoft Entra ID Configuration

  1. Access the Entra ID platform in your environment and go to Applications. Select App Registrations and click New Registration.

  2. Define a name for the application and choose the type of Microsoft Entra ID account that will have permission to access LCC.

  3. Define the scope of access to the application as desired.

  4. Click Register.

SAML Provider Configuration

Registering the Provider in LCC

  1. Click Config in the left menu of LCC.

  2. Click Provider.

  3. Click SAML.

  4. Click Create.

  5. Fill in the required fields as follows:

  • Name: This will be the name of the provider button on the LCC login screen.

  • Entity ID: Enter the ID of the application created in Microsoft Entra ID.

  • IDP Metadata URL: Enter the Authority URL from the Entra ID application.

  • IDP Metadata Data: Enter the metadata URL from your Identity Provider.

  6. To obtain the IDP URL information from Microsoft Entra ID, go to the Overview page of the application and click Endpoints.

  • Copy the SAML-P Sign-on Endpoint and paste it into the IDP Metadata URL field.

  7. Click Select an Icon and choose the login button icon for the provider that will appear on the LCC Console login screen. You can also upload a custom icon using a Base64 string.

  8. Click Next.

  9. Fill in the User Identifier Attribute field. This defines which attribute from the Identity Provider identifies the user when validating authentication. You can define a key to validate the IDP response.

  10. Click Next again and select the options as needed.

  11. Click Save to create the provider in the LCC Console.

Registering the Endpoint in the IDP

Important: This step is crucial in configuring the identity provider. You must register the LCC endpoint in your Identity Provider so that LCC has permission to perform queries.

  1. Click on the Identity Provider you created and copy the Assertion Consumer Service URL. Paste it into the Redirect URL field in the Microsoft Entra ID application.

  2. Field configuration in Microsoft Entra ID.

Granting Permission to the Provider

  1. Click Config in the left menu.

  2. Click Authentication.

  3. Click the Providers tab, select the provider, and move it to the table on the right.

  4. Click Save to set the provider (e.g., Cisco Duo) as a valid authentication method.

Access with Identity Provider

  1. Log out of the current user session and click the Identity Provider button you created. LCC will perform the query and read the SAML response to validate access to the Console.
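
The following is an added example, not LCC's own code: it shows how the values configured above (Entity ID, Assertion Consumer Service URL, User Identifier Attribute) relate to the fields of a SAML response, which helps when troubleshooting a rejected login. The sample response, host name, application ID and attribute name are constructed placeholders, and the sketch assumes the response signature has already been verified against the IdP key.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; every value below is a placeholder.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://lcc.example.test/acs">
 <a:Assertion>
  <a:Subject><a:SubjectConfirmation>
   <a:SubjectConfirmationData Recipient="https://lcc.example.test/acs"/>
  </a:SubjectConfirmation></a:Subject>
  <a:Conditions NotOnOrAfter="2030-01-01T00:00:00Z"><a:AudienceRestriction>
   <a:Audience>app-id-placeholder</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="email">
   <a:AttributeValue>alice@example.test</a:AttributeValue>
  </a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, entity_id, acs_url, user_attr, now):
    """Return (user, problems) for an already signature-verified response."""
    # ElementTree is used for brevity; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != Assertion Consumer Service URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != Assertion Consumer Service URL")
    if root.findtext(".//a:Audience", namespaces=NS) != entity_id:
        problems.append("Audience != Entity ID")
    cond = root.find(".//a:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if not expiry or now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        problems.append("assertion missing expiry or expired")
    user = None
    for attr in root.iterfind(".//a:Attribute", NS):
        if attr.get("Name") == user_attr:
            user = attr.findtext("a:AttributeValue", namespaces=NS)
    if not user:
        problems.append("User Identifier Attribute not present")
    return user, problems

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    print(check_response(SAMPLE, "app-id-placeholder",
                         "https://lcc.example.test/acs", "email", now))
```

An empty problem list means the response was issued for this Entity ID and endpoint and carries the expected user attribute; each reported mismatch points at the configuration field to re-check.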