Wiz

Configuring Key9 Identity SAML SSO with Wiz

Last updated 4 months ago

  1. Service Provider ID (SP Entity ID): Can be found in the Wiz portal, via Details for your SAML Provider.

  2. Service Provider Login URL (SSO URL): Can be found in the Wiz portal, via Details for your SAML Provider.

  3. Service Provider Logout URL (SLO URL): Can be found in the Wiz portal, via Details for your SAML Provider.

  4. IdP-Initiated Login URL: This will typically start with client_id and not https.

Please see the Wiz documentation for setting up SSO. (You must be logged into the Wiz portal to view the documents.)

Start configuring the SAML identity provider in Wiz

  1. In the Wiz portal, go to Settings > Access Management > SSO & Login Security, then click Add Identity Provider.

  2. In the New SAML Identity Provider page, enter Key9-Identity as SAML Name. Then click Continue. The values required for Key9 (IdP) are generated.

From the Details for your SAML Provider screen, copy and paste the following URLs into the Key9 Setup Items:

  1. Service Provider ID (SP Entity ID)

  2. Service Provider Login URL (SSO URL)

  3. Service Provider Logout URL (SLO URL)

  4. Enable IdP-initiated logins and copy the IdP-Initiated Login URL

Click the Create Application button in Key9.

After you have created your Key9 application, click the SSO tab in the side navigation.

Back in the Wiz portal:

  1. Leave Enable Authentication Request Signing disabled.

  2. Leave Encrypt SAML Attributes disabled.

Return to the open tab with Wiz. You should be on the New SAML Identity Provider > SSO Providers Details page.

Enter the following values from Key9 into these Wiz fields:

  1. Copy the Key9 SSO URL to the Identity provider Single Sign-On URL field.

  2. Copy the Key9 SLO URL to the Identity provider Single Log-Out URL field.

  3. Copy the Key9 Entity ID URL to the Identity Provider Issuer URL or ID field.

  4. Copy the Key9 X.509 Certificate to the Public Certificate field.

(To view and copy the X.509 certificate in Key9, select View Certificate Details from the Certificate Options dropdown menu, then click the copy icon.)

Click Continue.

Refer to the Wiz documentation for configuring group mappings. (You must be logged into the Wiz portal to view the documents.)
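
A copy/paste check for the values exchanged in the steps above, as an added example that is not part of the Key9 or Wiz documentation: it fingerprints the pasted X.509 certificate so two copies of it can be compared, and flags paste problems in the four Wiz values. The dictionary keys, sample URLs and sample certificate bytes are constructed placeholders; requiring https for the first three values is an assumption drawn from the note that only the IdP-Initiated Login URL does not start with https.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pasted: str) -> str:
    """SHA-256 of the DER bytes inside a pasted PEM certificate."""
    m = PEM_RE.search(pasted)
    if not m:
        raise ValueError("no complete BEGIN/END CERTIFICATE block (truncated paste?)")
    body = "".join(m.group(1).split())           # ignore line breaks and indentation
    der = base64.b64decode(body, validate=True)  # raises ValueError on stray characters
    if der[:1] != b"\x30":                       # a DER certificate opens with a SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    return hashlib.sha256(der).hexdigest()

def check_sp_values(values: dict) -> list:
    """Return warnings for the four values copied from Wiz into Key9."""
    warnings = []
    for name in ("sp_entity_id", "sso_url", "slo_url"):   # hypothetical key names
        val = values.get(name, "")
        if val != val.strip():
            warnings.append(f"{name}: leading/trailing whitespace from copy/paste")
        if urlsplit(val.strip()).scheme != "https":        # assumption: these are https URLs
            warnings.append(f"{name}: expected an https URL")
    idp = values.get("idp_initiated_login_url", "").strip()
    if not idp.startswith("client_id"):                    # "typically" per the page
        warnings.append("idp_initiated_login_url: does not start with client_id")
    return warnings

# Constructed sample input: placeholder bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
# Constructed placeholder values, not real Wiz or Key9 endpoints.
SAMPLE_VALUES = {
    "sp_entity_id": "https://sp.example.invalid/entity",
    "sso_url": "https://sp.example.invalid/sso",
    "slo_url": "https://sp.example.invalid/slo",
    "idp_initiated_login_url": "client_id=CONSTRUCTED-PLACEHOLDER",
}

if __name__ == "__main__":
    print("certificate sha256:", cert_fingerprint(SAMPLE_PEM))
    print("warnings:", check_sp_values(SAMPLE_VALUES))
```

Run `cert_fingerprint` on the text copied from Key9 and again on the text as stored in the Public Certificate field; the two fingerprints should be identical.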

-------------------

By default, applications are not active upon creation. Active applications are immediately available to assign groups. Applications should only be activated when you have configured the Service Provider (SP).

Wiz documentation can be found here.
Configure group mapping in Wiz