Login Authentication Configuration Guide
LAST UPDATED 06/19/2024
Introduction
This manual aims to guide readers in configuring login methods using the D3 Login Authentication interface. Through this interface, users can set up various login methods, including basic General Authentication (username and password on the D3 vSOC login page), as well as Identity Provider (IdP) methods like Active Directory (AD) login and SAML login. Here, users can assign specific login methods to individual users or sites.
For Managed Security Service Providers (MSSPs), each site corresponds to a customer. Due to the need for maintaining data isolation between these customers and meeting unique security requirements, it is practical to configure different Single Sign-On (SSO) login methods for each site.
In enterprises, each site typically represents different business departments or service lines – it is less common to have varied login methods. It is more customary to configure login methods based on users.
If you choose to receive assistance during the setup process, D3's support team will access your SOAR application using D3's SSO for configuration. Thereafter, enterprise users will be able to use their own SSO login methods via an assertion consumer service (ACS) URL.
Login Authentication - Certificate Tab
Navigating to the Login Authentication UI
Navigate to the Configuration page.
Click on the Application Settings menu item, then click on Login Authentication.
Adding a New Login Method
Click on the + New Certificate button to render the New Auth form popup.
Enter a unique name for the login method in the Auth Name input field.
READER NOTE
D3 recommends the following naming convention:
<Authentication protocol>-<Identity provider>-<D3 Subdomain>
Select a login method in the Auth Type dropdown field.
Configure the necessary parameters.
Ensure the following information is available for the setup:
Target URL: This is an embedded link obtained from an IdP like Microsoft Entra ID, Okta, or Google. It is used by the Assertion Consumer Service URL to redirect users to the IdP's login page for authenticating into D3 vSOC.
Different IdPs have different names for this URL. For example, Microsoft Entra ID calls it “User access URL”, whereas Okta calls it “Single Sign-On URL”.
Assert Consumer Service URL: This is the D3 vSOC login page link. It is generated by D3 and sent to D3 customers. It uses the Target URL to redirect users to the IdP's login page for authenticating into D3 vSOC. It conforms to the following format:
https://<subdomain>.<domain/server IP>/<application path>/VSOC/Login.aspx?
e.g. https://demo.d3securityonline.net/MainAppV2/VSOC/Login.aspx?
e.g. https://10.0.0.2/demopath/VSOC/Login.aspx?
Certificate: This is the base64 certificate provided by your preferred SSO platform to allow the D3 vSOC application to communicate with the SSO IdP.
READER NOTE
Different IdPs have different names for this certificate. For example, Microsoft Entra ID calls it “Certificate (Base64)”, whereas Okta calls it “X.509 Certificate”.
Ensure that an IdP user is created and assigned the IdP’s SSO application.
READER NOTE
Different IdPs have different names for their SSO application. For example, Microsoft Entra ID calls it an “Enterprise application”, whereas Okta calls it “SAML Integration”.
Click on the Save button at the bottom of the form.
Click on the Save button on the right-hand side of the Login Authentication banner.
Managing Existing Login Methods
The table within the Certificate tab displays all of your configured login methods, with columns for Auth Name, Usage, and Auth Parameters.
Usage | Shows the number of users and sites currently using each login method. |
Auth Parameters | Click on the Advanced Settings button to modify a corresponding login method configuration. |
Default Login Method
Use the dropdown menu to select the default login method, which will be automatically applied upon meeting certain criteria (refer to the How Login Method is Determined section). The Default Login Method is initially set to General Authentication, which does not involve any IdPs and requires the user to enter their D3 vSOC username and password on the D3 vSOC login page.
Login Authentication - Site Tab
Assigning Login Methods to Sites
Individual Assignment
Select your desired login method in the dropdown menu underneath the Login Method column.
Click on the Save button.
Bulk Assignment
You have the option to select multiple sites individually, or to select them all at once. If no Login Method is selected, the default login method will be applied to all sites.
Individual Site Selection
Use the checkboxes to select your desired sites.
Click on the X Selected button to render the list of login methods.
Choose the login method for all the selected sites.
Click on the Save button.
Universal Site Selection
Click on the Select All button.
Click on the X Selected button to render the list of login methods.
Choose the login method for all the selected sites.
Click on the Save button.
Login Authentication - User Tab
Assigning Login Methods to Users
Individual Assignment
Select your desired login method in the dropdown menu underneath the Login Method column.
READER NOTE
After a login method is selected for a user, logging in with the redirect link provided by your identity provider (i.e., “App Embed Link” for Okta, or “User access URL” for Entra ID) automatically redirects you to your logged-in vSOC.
Click on the Save button.
Bulk Assignment
You have the option to select multiple users individually, or to select them all at once. If no Login Method is selected, the default login method will be applied to all users.
Individual User Selection
Use the checkboxes to select your desired users.
Click on the X Selected button to render the list of login methods.
Choose the login method for all the selected users.
Click on the Save button.
Universal User Selection
Click on the Select All button.
Click on the X Selected button to render the list of login methods.
Choose the login method for all the selected users.
Click on the Save button.
How Login Method is Determined
When a user attempts to log in, the D3 system follows a particular sequence to determine the appropriate login method. The diagram below illustrates this sequence.
First, the system checks whether the login method is set under the "User" tab.
If it is, the system uses the login method set for that user.
If the login method is not set under the "User" tab, the system checks how many sites the user attempting to log in belongs to.
If the user belongs to only one site, the system checks whether the login method for the user's site is set under the "Site" tab.
If it is, the system uses the login method set for that site.
If the login method is not set under the "Site" tab, the system uses the default login method.
If the user belongs to two or more sites, the system checks the status of the user's login preferences. Follow the below steps to select your preferred site.
Click on your D3 profile icon, then click on the My Preferences option.
Click on the Edit button underneath the Login Preferences section.
Click on the dropdown menu, then select your preferred site.
Click on the Save button.
If the preferences are set for a particular site, the system checks whether the login method for the user's site is set under the "Site" tab.
If the preferences are not set, or are set for "All client sites" or "All internal sites," the system uses the default login method.
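The resolution order above, expressed as a small Python model (an added example, not D3's code or API; the class, function names, and sample users and sites are constructed). It also lists the users who end up on the default method, which helps spot accounts that still fall back to General Authentication after SSO has been assigned. It assumes that an unset site method falls back to the default for multi-site users too, as the page states for single-site users.

```python
# Added example: a model of the documented resolution order, not D3's code.
from dataclasses import dataclass
from typing import Optional

# Preference values that do not name a single site (from the page).
ALL_SITES = {"All client sites", "All internal sites"}

@dataclass
class User:
    name: str
    sites: list
    user_method: Optional[str] = None     # assignment on the "User" tab
    preferred_site: Optional[str] = None  # My Preferences > Login Preferences

def resolve_login_method(user, site_methods, default_method):
    """Return (method, source) following the User > Site > Default order."""
    if user.user_method:
        return user.user_method, "user"
    if len(user.sites) == 1:
        site = user.sites[0]
    elif user.preferred_site and user.preferred_site not in ALL_SITES:
        site = user.preferred_site
    else:
        # Multi-site user with no single preferred site.
        return default_method, "default"
    # Assumption: an unset site method falls back to the default here too.
    method = site_methods.get(site)
    return (method, "site") if method else (default_method, "default")

def users_on_default(users, site_methods, default_method):
    """Names of users whose effective login method is the default fallback."""
    return [u.name for u in users
            if resolve_login_method(u, site_methods, default_method)[1] == "default"]

# Constructed sample data; method names follow the recommended convention.
DEFAULT = "General Authentication"
SITE_METHODS = {"CustomerA": "SAML-Okta-customera", "CustomerB": None}
USERS = [
    User("alice", ["CustomerA"]),
    User("bob", ["CustomerA", "CustomerB"]),
    User("carol", ["CustomerA", "CustomerB"], preferred_site="CustomerA"),
    User("dave", ["CustomerB"], user_method="SAML-EntraID-customerb"),
    User("erin", ["CustomerA", "CustomerB"], preferred_site="All client sites"),
    User("frank", ["CustomerB"]),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, resolve_login_method(u, SITE_METHODS, DEFAULT))
    print("on default:", users_on_default(USERS, SITE_METHODS, DEFAULT))
```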