Add Lacework as a Service Provider
Before configuring SAML Single Sign-On in the Lacework Console, add Lacework as a service provider (SP) with your identity provider (IdP). Adding Lacework as a service provider requires the following values, which are also displayed on the SAML configuration page.
|Service Provider Entity ID||https://lacework.net|
|Assertion Consumer Service URL||https://<account>.lacework.net/sso/saml/login|
Enable SAML in the Lacework Console
To enable SAML in the Lacework Console, navigate to Settings > Authentication and select SAML.
If you want to change from one authentication method to another, disable the currently selected method first.
Select Upload identity provider data or Manaully enter identity provider data.
To upload an identity provider meta data file, click Choose File.
To input identity provider data manually, complete the following fields:
- Identity Provider
- Identity Provider Issuer Entity ID
- Identity provider SAML 2.0 URL
- Upload Your Certificate File
Just-in-Time User Provisioning
SAML authentication supports Just-in-Time User Provisioning (JIT). Enabling this option allows for on-the-fly creation of a team member the first time they try to log in. This eliminates the need to create team members in Lacework in advance. For example, if you recently added an employee to your company, you don't need to manually create the team member in Lacework.
Before you can use SAML JIT user provisioning, you must add and define additional attributes in the SAML provider. See SAML JIT Overview for more information.