Adding SentinelOne

Setting up Passly SSO with SentinelOne

Configure the Single Sign On application.

This guide is provided as reference only. For assistance with any SentinelOne settings, please contact SentinelOne support directly via https://www.sentinelone.com/global-services/get-support-now/

Passly setup

    1. Log into Passly https://(companyname).my.passly.com
    2. Select Directory Manager.
    3. Select Groups.
    4. Select the Blue plus sign in the bottom right corner.
    5. Name the Group SentinelOne Users.
      Note: If you have other existing Groups for SSO users you can use one of these as well.
    6. Select Add Group.
    7. Select SSO Manager.
    8. Select the Blue plus sign in the bottom right corner.
    9. Select Custom Application.
    10. Name the Application SentinelOne.
    11. Upload your desired Logo.
    12. Select "Application is Enabled".
    13. Choose your preferred Authentication Policy.
    14. Select Protocol Setup.
    15. Select Protocol SAML SP-Init
    16. Enter Assertion Consumer Service URL
      Gather this from Step 7 in the SentinelOne setup.
    17. Enter the Audience URI
      This is the same as the Assertion Consumer Service URL.
    18. Enter the SP Entity ID into “Service Entity ID” field.
      Gather this from Step 8 in the SentinelOne setup.
    19. Set the Token Lifetime.
      (Default is 60 minutes)
    20. Select Advanced Settings.
    21. Select Advanced Setting Menu. Enable the following.
      Select Sign Token Response & Include All Audience URIs.
    22. Select Sign assertions & choose SHA-256.
    23. Select Attribute Transformation.
    24. Select Specify custom attribute transform.

      Attribute Value: {User.EmailAddress} 
      Send As: Email

      Attribute Value: {User.DisplayName}
      Send As: Full Name

    25. Select Add Application
    26. Select Permissions. Select the group you created in Step 4. 
    27. Select Signing and Encryption.
    28. Select Copy, this will display the certificate value. 
    29. Paste the copied values into Notepad. Save the file as SentinelOne.txt.
      Note: You will need this file to import into SentinelOne.
    30. Select Save Changes.
    31. Select “Launchpad”. 
    32. You should see the new SentinelOne icon.
      Right click on it and select “Copy Link Address”
      Note: You will need this address in SentinelOne.

Users will be able to access the application from the SSO Launchpad.

SentinelOne Setup

  1. In an In-Private browser tab, open SentinelOne as an administrator. Then, in SentinelOne:
  2. Click on “Settings”
  3. Click on “Integrations”
  4. Click on “SSO”
  5. On the SSO configuration screen we’ll need various values from Passly, and we’ll also need some of the values shown here for Passly’s own configuration. We cannot save the SentinelOne configuration until it has been tested and verified, so expect to go back and forth a little.
  6. Use the following settings:
    1. Domain Name: Your email address domain (jdoe@mycompany.com would enter mycompany.com)
    2. IDP Redirect URL: We’ll get this from Passly in a bit.
    3. Issuer ID: https://mycompany.my.passly.com/trust where mycompany is your Passly subdomain.
    4. Default Role: Set to whatever role you’d like your new users configured as on first login if you check “Auto Provisioning”.
    5. Auto Provisioning: Optional. It will configure new users for you when they sign in using SSO. An administrator in SentinelOne can then change their role from the default after their first login, so use the lowest setting you think applicable first.
    6. IDP public certificate: Again we will get this from Passly in a bit. It is not the file you’re expecting.
    7. Assertion Consumer Service URL: Copy this as we need it shortly
    8. SP Entity ID: Copy this as we need it shortly
      We now need to be able to access the application ourselves.
    9. In the field “IDP Redirect URL” paste the address we just copied from Passly’s SSO link.
      1. This should look something like: https://mycompany.my.passly.com/trust/launch?ApplicationId=12345678-1234-1234-1234-12345678901
      2. For “IDP public certificate” upload the text file we saved earlier with the certificate data.
      3. Click “Test”.

If you’ve done everything correctly the test will succeed and you can now save the configuration.

Note: It is also possible to assign users a role other than the default one; however, you’d need to create a field in Passly and configure it for users as part of provisioning them.
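
The values copied back and forth between the two consoles in the steps above can be cross-checked before clicking “Test”. The following is an added example, not part of the original guide or of either vendor's tooling; the dictionary keys are hypothetical names for the fields in this guide, and the sentinelone.example URLs are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

def check_sso_values(cfg):
    """Return a list of mismatches in the values copied between the two consoles.
    The dictionary keys are hypothetical names for the fields in this guide."""
    problems = []
    issuer = urlsplit(cfg["issuer_id"])
    launch = urlsplit(cfg["idp_redirect_url"])

    # All three values are https URLs in this guide; anything else is a copy error.
    for key in ("issuer_id", "idp_redirect_url", "acs_url"):
        if urlsplit(cfg[key]).scheme != "https":
            problems.append(f"{key}: not an https URL")

    # Issuer ID format given in the guide: https://<subdomain>.my.passly.com/trust
    host = issuer.hostname or ""
    if not host.endswith(".my.passly.com") or issuer.path != "/trust":
        problems.append("issuer_id: expected https://<subdomain>.my.passly.com/trust")

    # The Launchpad link must point at the same Passly tenant as the issuer.
    if launch.hostname != issuer.hostname:
        problems.append("idp_redirect_url: host differs from issuer_id")
    if launch.path != "/trust/launch" or "ApplicationId" not in parse_qs(launch.query):
        problems.append("idp_redirect_url: not a /trust/launch?ApplicationId= link")

    # Passly step 17: the Audience URI is the same as the ACS URL.
    if cfg["audience_uri"] != cfg["acs_url"]:
        problems.append("audience_uri: differs from acs_url")

    # Domain Name is the bare e-mail domain, not an address or a URL.
    if "@" in cfg["domain_name"] or "/" in cfg["domain_name"]:
        problems.append("domain_name: enter only the e-mail domain")

    # Passly steps 21-22: signed response, signed assertions, SHA-256.
    if not (cfg["sign_response"] and cfg["sign_assertions"]):
        problems.append("signing: response and assertions must both be signed")
    if cfg["signature_algorithm"] != "SHA-256":
        problems.append("signature_algorithm: expected SHA-256")
    return problems

# Constructed sample values; the sentinelone.example URLs are placeholders.
GOOD = {
    "domain_name": "mycompany.com",
    "issuer_id": "https://mycompany.my.passly.com/trust",
    "idp_redirect_url": "https://mycompany.my.passly.com/trust/launch?ApplicationId=12345678-1234-1234-1234-12345678901",
    "acs_url": "https://sentinelone.example/sso/acs",
    "audience_uri": "https://sentinelone.example/sso/acs",
    "sign_response": True, "sign_assertions": True,
    "signature_algorithm": "SHA-256",
}
```

An empty list from `check_sso_values` means the copied values agree with each other; it does not replace the “Test” button, which exercises the real certificate and endpoints.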
