Skip to main content

Single Sign-On configuration

Invicti Platform supports Single Sign-On (SSO) via Security Assertion Markup Language (SAML), allowing users to access multiple applications with a single login. An Identity Provider (IdP) centralizes user and application management, eliminating the need to handle individual credentials for each service. Invicti supports both IdP- and Service Provider(SP)-initiated SAML authentication.

This document explains how to enable SSO in Invicti Platform.

info

Enabling SSO in Invicti doesn't automatically provision users—they must be added manually. SSO integration simplifies access across applications but requires user setup in Invicti Platform. For more information, refer to the Create user document.

You must also configure the integration on your SSO provider. For detailed instructions, refer to your SSO provider's documentation in the following:

Configure Single Sign-On settings

warning

To access the SSO configuration you need to be an Owner of the organization or have a custom role with System rights. Enabling SSO makes it mandatory for the whole organization, unless a user is exempted.

  1. Select Settings from the left-side menu.
  2. In the Security & access control section select SSO & Provisioning.
  3. Turn on the Enable SSO toggle.
SSO settings page in Invicti Platform showing Enable SSO toggle.
  1. From the SSO Provider drop-down list, choose your SSO provider.
  2. Copy the information from the SAML 2.0 Service URL and Identifier fields and enter it into your SSO provider configuration.
Copy SAML 2.0 Service URL and Identifier values to your SSO provider configuration.
  1. Enter the required information into the SAML 2.0 Endpoint, IdP Identifier, and X.509 Certificate fields.
Copy the values of SAML 2.0 Endpoint, IdP Identifier, X.509 Certificate from your SSO provider to Invicti Platform.
  1. Choose the signed assertions, encrypted assertions, or sign requests checkboxes as needed.
Additional security options for assertions and sign requests in Invicti Platform.
  1. If you enable any assertions or requests, a new section appears to do one of the following:
    • Choose Generate a new certificate; OR
    • Choose I have an existing certificate, then upload your certificate and enter the Certificate Password.
Certificate-related fields for encrypted assertions and sign requests.
  1. From the SSO Exemptions drop-down, choose specific users to exempt them from SSO. Doing this means the selected users can log in to Invicti Platform using password. The Owner is always exempted, while all other users are forced to use SSO when it's enabled.
SSO Exemptions field in Invicti Platform.
  1. Click Save to save your settings.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?