PhenixID

Step by Step – LogPoint MFA and SSO with PhenixID Authentication Services

Summary

This document will guide you through the steps to enable multi-factor authentication and SSO for the SIEM solution LogPoint (https://www.logpoint.com/en/).

System Requirements

  • PhenixID Authentication Server 3.0 or higher
  • LogPoint administrative rights

Instruction

Configure PhenixID Authentication Services as Identity Provider

  1. Set up PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here.)
  2. Go to Scenarios->Federation-><YOUR_IDP>->Execution Flow
  3. Make the following adjustments:
    1. Fetch the email or userPrincipalName attribute from the user store. This will be used as the LogPoint userID.
    2. LogPoint consumes a role attribute in the SAML assertion. Add configuration to your execution flow (such as LDAPGroupFiltering) to get the proper role value from the user.
    3. Add a PropertyAddValve above the AssertionProvider with the following values. Change <attribute_containing_username> to mail or userPrincipalName.
      name = username
      value = {{item.<attribute_containing_username>}}
    4. Add a PropertyAddValve above the AssertionProvider with the following values. Change <property_containing_role> to the correct item property name based on above configuration.
      name = role
      value = {{item.<property_containing_role>}}
    5. Click AssertionProvider
    6. Set NameID Attribute = username
    7. Set additional attributes = username,role
  4. Save.
  5. Then export your SAML IdP metadata by going to the URL:
    https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta
    and download the metadata to an XML file, idp.xml.
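As an added example (not PhenixID or LogPoint code), the following Python script checks that an assertion produced by the execution flow above carries what LogPoint will look for: a NameID plus the username and role attributes set in steps 3 to 7. The sample assertion is constructed, unsigned and uses made-up values (alice@example.com, logpoint_admin); the signature verification that LogPoint itself performs is not covered here.

```python
"""Check that a SAML assertion carries the NameID and the 'username' and
'role' attributes that the LogPoint configuration expects.
Added example; the sample assertion below is constructed, not real IdP output."""
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed, unsigned assertion shaped like the execution flow above produces.
# Issuer, subject and role values are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="role">
      <saml:AttributeValue>logpoint_admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# The attribute names configured as "additional attributes" in the AssertionProvider.
REQUIRED_ATTRIBUTES = ("username", "role")


def extract_attributes(assertion_xml):
    """Return (NameID, {attribute name: [values]}) from a bare Assertion or a
    samlp:Response that wraps one."""
    root = ET.fromstring(assertion_xml)
    if root.tag == f"{{{NS['saml']}}}Assertion":
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
        if assertion is None:
            raise ValueError("no saml:Assertion element found")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return name_id, attrs


def check_for_logpoint(assertion_xml):
    """Return a list of problems; an empty list means the assertion matches
    what the LogPoint SAML settings (username field, role field) expect."""
    name_id, attrs = extract_attributes(assertion_xml)
    problems = []
    if not name_id:
        problems.append("NameID missing")
    for name in REQUIRED_ATTRIBUTES:
        values = attrs.get(name, [])
        if not values or not values[0]:
            problems.append(f"attribute '{name}' missing or empty")
    # Step 6 sets NameID Attribute = username, so the two must agree.
    if name_id and attrs.get("username") and attrs["username"][0] != name_id:
        problems.append("NameID does not match username attribute")
    return problems


if __name__ == "__main__":
    print(check_for_logpoint(SAMPLE_ASSERTION) or "assertion looks correct for LogPoint")
```

Paste a decoded SAMLResponse captured from your own test login (browser developer tools, base64-decoded) in place of SAMPLE_ASSERTION to see which of the two attributes the execution flow failed to populate; a missing role value is the usual reason a user lands in LogPoint without the expected permissions.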

Configure LogPoint

  1. Log in to LogPoint as an administrator
  2. Configure SAML by following this guide. (Install SAML first if not already done.)
    1. Use the idp.xml file to retrieve the values for IdP entityID, SSO Endpoint URL and X509 certificate
    2. Set Response username field = username
    3. Set Response role field = role
    4. Name the downloaded LogPoint metadata sp_logpoint.xml.

Add LogPoint as a trusted Service Provider to PhenixID Authentication Services

  1. Log in to the configuration manager
  2. Scenarios->Federation
  3. SAML Metadata upload
  4. Select the file (sp_logpoint.xml) downloaded in previous step

Test

Browse to your LogPoint instance and select the IdP as the authentication provider.

You should be redirected to PhenixID Authentication Services.

Authenticate.

You should be redirected back to LogPoint.

You should now be logged in to LogPoint with the correct permissions.


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se