Single Sign-On Overview

RiskLens supports Single Sign-On (SSO) via SAML 2.0 compliant Identity Provider (IdP) initiated authorization requests. Once set up with your organization RiskLens users can use their own organization’s login procedures to log in to RiskLens. 

SAML 2.0 Support 

RiskLens’ SSO support requires an organization’s Identity Provider to send all authentication requests using the SAML 2.0 protocol. All authentication requests are verified, decrypted, and mapped to a RiskLens user.   

User Credential and Permission Management 

With an SSO integration, an organization’s Identity Provider always handles the user’s credentials. The RiskLens environment does not have access to the user credentials, it can only verify authorization. The user’s permissions within RiskLens are managed within the RiskLens application.  

Requirements

• Requests are made in the SAML 2.0 protocol  

• All SAML requests must be signed and served over an encrypted connection (HTTPS)

• x509 certificates must be exchanged between RiskLens and the organization for signing and encryption during SSO setup 

• RiskLens Usernames must match those sent by the organization’s IdP. 

• All SAML requests must have the following components: 

  • An Attribute with the name: OrganizationIdentifier and the value:

    • Production:  

    • Staging:

  • The target URL for the SAML request is: 

    • https://v3.risklens.com/sso/samlAssertionConsumer

    • This is for both Production and Staging

  • The Entity ID of the RiskLens assertion consumer is:

    • https://v3.risklens.com

    • This is for both Production and Staging