Authentication/Single Sign-on/User Directory on SolCyber Knowledgebase

DUO Security

Mon, 01 Jan 0001 00:00:00 +0000

Note that only administrators with the Owner role can create or modify an Admin API application in the Duo Admin Panel.

Securonix supports ingestion of the following types of DUO logs:

Duo Security Administrator
Duo Security Authentication

Log in to the Duo Admin Panel and navigate to Applications.
Click Protect an Application and locate the entry for Admin API in the applications list. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. You’ll need to provide these credentials to SolCyber via onetimesecret.com or other secure methods.
The required permissions are:
- Grant read log
- Grant read information

EntraID (aka Azure Active Directory) User Import

Mon, 01 Jan 0001 00:00:00 +0000

Login to Azure portal.
Locate App registrations using the Search bar from Dashboard.

Click New Registration from the App registrations screen to register an application.

Provide the following details in the Register an application screen:

Name: Securonix AzureAD Users
Supported account Types: Select the Accounts in this organizational directory only option.

Click Register.
Make a copy of Application (client ID) and Directory (tenant ID) for the application from the Application screen.

EntraID (AzureAD) Risky Users and Detections

Mon, 01 Jan 0001 00:00:00 +0000

An Azure P1 or P2 license is required to ingest Azure Risky Users events.

An Azure P2 license is required to ingest Azure Risky Detection events.

Logon to the Azure portal as an admin and search for Apps registration from the top search bar.

EntraID (aka Azure Active Directory) Audit/Sign In

Mon, 01 Jan 0001 00:00:00 +0000

MS Entra (aka Azure Active Directory) Audit/Sign In#

You must have an MS Entra ID P1 or P2 license in order to export Entra/Azure Active Directory Sign In logs. These logs provide us visibility into all authentication attempts to Azure AD accounts and are an important source of intel in the case of compromised accounts. We recommend that customers either move to a different M365 license or, at a minimum, purchase an Azure P1 license as an add on, especially if the company uses AzureAD as an IDP for Single Sign On.

Google Directory

Mon, 01 Jan 0001 00:00:00 +0000

Follow the documentation for Google Workspace in the Cloud Services/SaaS category:

Google WorkspaceComplete the following steps to configure the Google Workspace connection using OAuth2.0

JumpCloudSSO

Mon, 01 Jan 0001 00:00:00 +0000

Log in to the JumpCloud SSO portal: https://console.jumpcloud.com
Click the circle in the top right corner of the screen.

Click API Settings. Your API key will appear.

Warning: Because Jumpcloud has only one API key per site, any change will stop your JumpCloud datasource from ingesting data. Please communicate this impact with your SolCyber administrators.

Okta System Authentication

Mon, 01 Jan 0001 00:00:00 +0000

Navigate to the Okta login screen and sign in with your credentials.

Click API > Tokens from the navigation menu.

Click Create Token.

Enter a name for your token, then click Create Token.

The token name above will be used within SNYPR when you set up the Okta connector.

Make a note of the Token Value then click OK, got it.