Logpoint MFA and SAML SSO

Summary

This document guides you through the steps to enable multi-factor authentication and SSO for the SIEM solution LogPoint.

Prerequisites

  • Logpoint administrative rights

Instructions

Configure PhenixID Authentication Services as Identity Provider

  1. Set up PhenixID Authentication Services as a SAML IdP.
  2. Configure the appropriate authenticators.
  3. Go to Scenarios->Federation->YOUR_IDP->Execution Flow
  4. Make the following adjustments:
    1. Fetch the email or userPrincipalName attribute from the user store. This will be used as the LogPoint userID.
    2. LogPoint consumes a role attribute in the SAML assertion. Add configuration to your execution flow (such as LDAPGroupFiltering) to get the proper role value from the user.
    3. Add a PropertyAddValve above the AssertionProvider with the following values. Change property_containing_username to mail or userPrincipalName.
      • name = username
      • value = {{item.property_containing_username}}
    4. Add a PropertyAddValve above the AssertionProvider with the following values. Change property_containing_role to the correct item property name based on the configuration above.
      • name = role
      • value = {{item.property_containing_role}}
    5. Click AssertionProvider
    6. Set NameID Attribute = username
    7. Set additional attributes = username,role
  5. Save.
  6. Then export your SAML IdP metadata by going to the URL https://YourServerDomainName/authentication/saml/IDP_Name/meta and downloading the metadata to an XML file, idp.xml.

Configure LogPoint

  1. Log in to LogPoint as an administrator.
  2. Configure SAML by following this guide. (Install SAML first if not previously performed)
    1. Use the idp.xml file to retrieve the values for IdP entityID, SSO Endpoint URL and X509 certificate
    2. Set Response username field = username
    3. Set Response role field = role
    4. Name the downloaded LogPoint metadata sp_logpoint.xml
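
Added example, not part of the original guide or of either vendor's tooling: a small Python script that pulls the three values named above (IdP entityID, SSO endpoint URL and X509 certificate) out of idp.xml, rejects non-HTTPS endpoints, and prints a SHA-256 fingerprint of the certificate so it can be compared with the value reported by the IdP administrator before it is pasted into LogPoint. The function name, host names and sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def read_idp_metadata(xml_text):
    """Return the entityID, SSO endpoints and signing certificate from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single SAML IdP EntityDescriptor")
    # A KeyDescriptor without a 'use' attribute is valid for signing too.
    certs = ["".join(c.text.split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    endpoints = {s.get("Binding"): s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    if not root.get("entityID") or not certs or not endpoints:
        raise ValueError("metadata lacks entityID, signing certificate or SSO endpoint")
    if not all((url or "").startswith("https://") for url in endpoints.values()):
        raise ValueError("SSO endpoint is not HTTPS")
    der = base64.b64decode(certs[0], validate=True)
    return {"entity_id": root.get("entityID"),
            "sso_endpoints": endpoints,
            "x509_certificate": certs[0],
            # SHA-256 over the DER bytes: compare with the fingerprint the IdP admin reports.
            "cert_sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample standing in for idp.xml. Host names are placeholders and the
# certificate body is arbitrary bytes, not a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_IDP_XML = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for key, value in read_idp_metadata(SAMPLE_IDP_XML).items():
        print(f"{key}: {value}")
```

To run it against the real file, pass the contents of idp.xml to read_idp_metadata instead of the sample; the endpoints are returned per binding so you can pick the one your LogPoint SAML configuration expects.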

Add LogPoint as a trusted Service Provider to PhenixID Authentication Services

  1. Log in to the configuration manager.
  2. Add the metadata from LogPoint.
  3. Select the file (sp_logpoint.xml) downloaded in the previous step.

Test

  1. Browse to your LogPoint instance and select the IDP as the authentication provider.
  2. You should be redirected to PhenixID Authentication Services.
  3. Authenticate.
  4. You should be redirected back to LogPoint.
  5. You should now be logged in to LogPoint with the correct permissions.