Provisioning SAML

Kolide

Integrate idemeum with Kolide using SAML for Single Sign-On and SCIM for user provisioning.

Oct 20, 2022 3 min read
Kolide

Capabilities overview

Message your employees on Slack providing customized security and compliance recommendations for their Linux, Mac, and Windows devices.

Pricing page (include the link to pricing)

Supported capability Required plan Details
Passwordless SSO Paid plan Low SSO tax
Automated provisioning Paid plan SCIM 2.0 (create, remove, update accounts)

Prerequisites

In order to integrate idemeum with Kolide you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:

  • Identity Provider SSO URL
  • Public X509 certificate (PEM format)

Instructions for how to obtain these SAML metadata parameters are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. Based on SAML terminology SaaS application is called Service Provider (SP) and idemeum will be Identity Provider (IDP). Typically you will be a…
Docsidemeum team

Passwordless Single Sign-On (SAML)

Configure SSO in Kolide

  • Navigate to your Kolide admin dashboard
  • Click on your user icon and choose Settings
  • Choose Single Sign-On
Copy Kolide SSO URL and Kolide issuer URL as you will need these values to configure Kolide application in idemeum.
  • Paste Identity Provider SSO URL that you obtained from the metadata section into IDP SSO Target URL
  • Paste Public X509 certificate (PEM format) into X-509 certificate
Do not save the configuration just yet. First we will configure Kolide application in idemeum.

Configure SSO in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for Kolide application and click Add App
  • Click SAML at the top navigation menu
  • Paste Kolide SSO URL and Kolide issuer URL into Assertion Consumer Service URL and Audience URI respectively
  • Save configuration
  • Now navigate to Entitlements section and entitle Kolide application to user for Single Sign-On testing
  • Navigate back to Kolide and click Save and test SSO
  • If configuration is successful you will see the confirmation pop up
  • Now as SAML SSO is configured you can navigate to Authentication and Provisioning and configure SAML to be the default authentication method

Automated provisioning with SCIM

  • Navigate to Kolide admin dashboard and access Settings -> Single Sign-On -> SCIM settings
  • Copy SCIM connector base URL and generate bearer token as you will need this information for configuration in idemeum
  • Navigate to idemeum Kolide application and click Provisioning section
  • Paste SCIM connector base URL and token
  • Save configuration

Application entitlements

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.

SAML SSO login flows

Kolide supports both:

IDP Initiated Flow

You can navigate to idemeum portal and launch Kolide application by clicking on the application icon.

SP Initiated Flow

Navigate to Kolide and enter your email. You will be asked to sign in with your SSO identity provider.

Published by
idemeum team
idemeum team
You might also like
Great! Next, complete checkout for full access to idemeum integrations.
Welcome back! You've successfully signed in.
You've successfully subscribed to idemeum integrations.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.