Enable and Test SSO

After you configure SSO, you must authenticate the external URL (DS, IBM CIS, ADFS, OneLogin, or OKTA) so that users are redirected to the Incorta home page.

Import users using one of the following methods:

  • Sign in to Incorta and manage Users in Security.
  • Import users from LDAP sync_directory into Incorta.
  • Import users from a third-party user management tool into an Incorta table, then into Incorta.

Note

The following steps require root access to the machine that runs Incorta, so they apply to On-Premises installations only. However, you can import and synchronize users and groups on a Cloud or On-Premises cluster using the Security Manager.

Import users from LDAP sync_directory

  1. Navigate to <installation_path>/IncortaNode/bin.
  2. Run sync_directory_with_ldap.sh session=$incorta_cmd login <incorta_login_URL> <tenantname> <adminuser> <adminpassword>
  3. Configure ldap-config.properties:
    • ldap.base.provider.url. Server IP address for the LDAP server, in the format ldap://<server_ip_address>.
    • ldap.base.dn. The LDAP domain name, in the format ldap.base.dn=dc=<LDAP_domain_name>,dc=<domain_suffix>.
    • ldap.user.dn. The LDAP username, in the format ldap.user.dn=cn=<username>,dc=<domain_name>,dc=<domain_suffix>.
    • ldap.user.dn.password. The password for LDAP.
    • user.type. The user type must be sso, ldap, or internal.
  4. Run ./sync_directory_with_ldap.sh to import users and groups.
  5. Unzip directory.zip and open the users.csv file to verify that the type of the imported users is SSO, LDAP, or internal.
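
A pre-flight check for step 3, added here as an example (it is not Incorta's code): it parses ldap-config.properties, verifies the five keys listed above and their formats, and flags a file that group or others can access, since it holds the LDAP password. The function names, the sample values, and the acceptance of ldaps:// and of any letter case for user.type are assumptions.

```python
import os
import stat
import tempfile

REQUIRED = ("ldap.base.provider.url", "ldap.base.dn", "ldap.user.dn",
            "ldap.user.dn.password", "user.type")
USER_TYPES = {"sso", "ldap", "internal"}  # values listed in step 3
# Constructed sample, not a real deployment (user.type is deliberately invalid).
SAMPLE = """\
ldap.base.provider.url=ldap://192.0.2.10
ldap.base.dn=dc=example,dc=com
ldap.user.dn=cn=syncuser,dc=example,dc=com
ldap.user.dn.password=constructed-placeholder
user.type=saml
"""

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only so DNs stay whole."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def check_ldap_config(path):
    """Return a list of findings for the ldap-config.properties file at path."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    url = props.get("ldap.base.provider.url", "")
    if url and not url.startswith(("ldap://", "ldaps://")):  # ldaps:// is an assumption
        findings.append("ldap.base.provider.url: expected ldap://<server_ip_address>")
    for key in ("ldap.base.dn", "ldap.user.dn"):
        if props.get(key) and "dc=" not in props[key].lower():
            findings.append(f"{key}: no dc= component")
    if props.get("user.type") and props["user.type"].lower() not in USER_TYPES:
        findings.append("user.type: must be sso, ldap, or internal")
    # The file holds the LDAP password, so it should be owner-only (for example 0600).
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("permissions: file is accessible to group or others")
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o644)
    print("\n".join(check_ldap_config(tmp.name)))
    os.remove(tmp.name)
```

An empty list from check_ldap_config means the file passed every check; run it against the real ldap-config.properties before step 4.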

Import Users from a Third-Party User Management Tool

To import users from a third-party management tool (for example, ServiceNow), you must import users into an Incorta table, then import them into Incorta Analytics. You must obtain the schema from your Customer Success team.

  1. Navigate to <installation_path>/IncortaNode/bin.
  2. Open self_sync.properties.
  3. Update the users section with the user type. The options are SSO, LDAP, or INTERNAL (you must use all capital letters).
  4. Import the schema provided by your customer success representative.
  5. Modify the extract queries to match your security data.
  6. Load the schema.
  7. Start and run the Python script self_sync.py http://<incorta_domain>:<port>/incorta <tenant> <username> <password>.

Incorta imports users and user group assignments.