Skip to main content
Skip table of contents

Login Authentication Configuration Guide

LAST UPDATED: SEPTEMBER 09, 2025

Users can set up various login methods, including general authentication (username and password on the D3 vSOC login page), and identity provider (IdP) methods like Active Directory (AD) and SAML.

For managed security service providers (MSSPs), each site represents a customer. To maintain data isolation and meet distinct security requirements, different Single Sign-On (SSO) login methods can be configured per site.

In enterprises, each site usually represents a business department or service line. Login methods are typically configured by user rather than by site.

How Login Method is Determined

When a user attempts to login, the D3 system follows a particular sequence to determine the appropriate login method. The below diagram illustrates this sequence.

Login Method Resolution Flow Breakdown

First, the system checks whether the login method is set under the "User" tab.

  • If it is, the system uses the login method set for that user.

  • If the login method is not set under the "User" tab, the system checks how many sites the user attempting to log in belongs to.

If the user belongs to only one site, the system checks whether the login method for the user's site is set under the "Site" tab.

  • If it is, the system uses the login method set for that site.

  • If the login method is not set under the "Site" tab, the system uses the default login method.

If the user belongs to two or more sites, the system checks the status of the user's login preferences. Follow the below steps to select your preferred site.

  1. Click on your D3 profile icon, then click on the My Preferences option.

  1. Click on the Edit button underneath the Login Preferences section.

  2. Click on the dropdown menu, then select your preferred site.

  3. Click on the Save button.

  • If the preferences are set for a particular site, the system checks whether the login method for the user's site is set under the "Site" tab.

  • If the preferences are not set, or are set for "All client sites" or "All internal sites," the system uses the default login method.

Login Authentication - Certificate Tab

Navigating to the Login Authentication UI

  1. Navigate to the Configuration page.

  2. Click on the Application Settings menu item, then click on Login Authentication.

    Frame 36 (2)-20240927-011332.png

Adding a New Login Method

  1. Click on the + New Certificate button to to render the New Auth form popup.

  2. Enter a unique name for the login method in the Auth Name input field.

READER NOTE*

D3 recommends recommends the following naming convention:
<Authentication protocol>-<Identity provider>-<D3 Subdomain>

  1. Select an login method in the Auth Type dropdown field.

  2. Configure the necessary parameters.

  3. Ensure the following information is available for the setup: /info

    1. Target URL: This is an embedded link obtained from an IdP like Microsoft Entra ID, Okta, or Google. It is used by the Assertion Consumer Service URL to redirect users to the IdP's login page for authenticating into D3 vSOC.
      Different IdPs have different names for this URL. For example, Microsoft Entra ID calls it "User access URL", whereas Okta calls it "Single Sign-On URL".

    2. Assert Consumer Service URL: This is the D3 vSOC login page link. It is generated by D3 and sent to D3 customers. It uses the Target URL to redirect users to the IdP's login page for authenticating into D3 vSOC. It conforms to the following format:

      CODE 
      https://<subdomain>.<domain/server IP>/<application path>/VSOC/D3SOC/D3SAML

eg. https://demo.d3securityonline.net/MainAppV2/VSOC/D3SOC/D3SAML

eg. https://10.0.0.2/demopath/VSOC/D3SOC/D3SAML

    3. Certificate: The base64-encoded certificate provided by the selected SSO platform, enabling the D3 vSOC application to communicate with the SSO IdP.

READER NOTE*

Different IdPs have different names for the certificate. For example, Microsoft Entra ID calls it "Certificate (Base64)", whereas Okta calls it "X.509 Certificate".

  1. Ensure that an IdP user is created and assigned the IdP's SSO application.

READER NOTE*

Different IdPs have different names for their SSO application. For example, Microsoft Entra ID calls it an "Enterprise application", whereas Okta calls it "SAML Integration".

  1. Click on the Save button at the bottom of the form.

  2. Click on the Save button on the right hand side of the Login Authentication banner.

Managing Existing Login Methods

The table within the Certificate tab displays all of your configured login methods, with columns for Auth Name, Usage, and Auth Parameters.

Usage

Shows the number of users and sites currently using each login method.

Auth

Parameters

Click on the Advanced Settings button to modify a corresponding login method configuration.

Default Login Method

Use the dropdown menu to select the default login method, which will be automatically applied upon meeting certain criteria (refer to the How Login Method is Determined section). The Default Login Method is initially set to General Authentication, which does not involve any IdPs and requires the user to enter their D3 vSOC username and password on the D3 vSOC login page.

Login Authentication - Site Tab

Assigning Login Methods to Sites

Individual Assignment

  1. Select your desired login method in the dropdown menu underneath the Login Method column.

  2. Click on the Save button.

Bulk Assignment

You have the option to select multiple sites individually, or to select them all at once. If no Login Method is selected, the default login method will be applied to all sites.

Individual Site Selection

  1. Use the checkboxes to select your desired sites.

  2. Click on the X Selected button to render the list of login methods.

  3. Choose the login method for all the selected sites.

  4. Click on the Save button.

Universal Site Selection

  1. Click on the Select All button.

  2. Click on the X Selected button to render the list of login methods.

  3. Choose the login method for all the selected sites.

  4. Click on the Save button.

Login Authentication - User Tab

Assigning Login Methods to Users

Individual Assignment

  1. Select the desired login method from the dropdown menu under the Login Method column.

READER NOTE*

Upon selecting the login method of a user, login using the redirect link provided by your identity provider (ie. "App Embed Link" for Okta, or "User access URL" for Entra ID) will automatically redirect you to your logged in vSOC.

After selecting the user's login method, use the redirect link provided by the identity provider (for example, "App Embed Link" for Okta or "User Access URL" for Entra ID). The link automatically redirects to the logged-in vSOC.

  1. Click on the Save button.

Bulk Assignment

You have the option to select multiple users individually, or to select them all at once. If no Login Method is selected, the default login method will be applied to all users.

Individual User Selection

  1. Use the checkboxes to select your desired sites.

  2. Click on the X Selected button to render the list of login methods.

  3. Choose the login method for all the selected sites.

  4. Click on the Save button.

Universal User Selection

  1. Click on the Select All button.

  2. Click on the X Selected button to render the list of login methods.

  3. Choose the login method for all the selected sites.

  4. Click on the Save button.

FAQs

I am having trouble logging in. How do I configure the usernames for D3 vSOC and my identity provider (Okta, Entra ID, Google, ADFS, etc.) to ensure proper login functionality?

What your D3 username should be is determined by the SAMLEmailIDType configuration key found in Application Settings > Web Config in vSOC. Here are the scenarios:

  • If SAMLEmailIDType is set to True:

    • If the vSOC username is the local part of the email (e.g., "abc" in abc@example.com), you will be able to log in using your entire email address via your identity provider.

    • If the vSOC username is the full email address (including the @ symbol and domain), or any other string, you will be unable to login via your identity provider.

  • If SAMLEmailIDType is set to False:

    • If the vSOC username is an email address, you will be able to log in using your entire email address at the end of the Login to D3 vSOC via your identity provider.

    • If the vSOC username is the local part of the email, you cannot log in via your identity provider.

Is assistance available from D3?

When setup assistance is requested, D3's support team accesses the SOAR application using D3's SSO. Enterprise users then authenticate with their own SSO methods through an assertion consumer service (ACS) URL.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close