Authentication | Lacework Documentation

📄️ Set Lacework Attributes

This topic describes Lacework attributes and how to set them for different accounts. You configure Lacework attributes in the Indentity Provider (IDP) UI.

📄️ SAML Configuration

To enable SAML in the Lacework Console, navigate to Settings > Authentication and create or edit SAML authentication.

📄️ Okta as a SAML IDP

To use Okta as a SAML IDP, you must add Lacework as a service provider.

📄️ Google Workspace as a SAML IDP

To use Google Workspace as a SAML IDP, you must add Lacework as a custom app to Google Workspace.

📄️ OneLogin as a SAML IDP

To use OneLogin as a SAML IDP, you must add Lacework as a service provider.

📄️ Azure Active Directory as a SAML IDP

Configuring Lacework to use Microsoft Azure Active Directory (AD) as a SAML IDP requires Active Directory Premium. You must sign in to the Lacework Console as an administrator and to the Azure portal using your Azure Active Directory administrator account. This process requires you to create a non-gallery application in Azure.

📄️ Red Hat Keycloak as a SAML IDP

To use Keycloak as a SAML IDP, you must add Lacework as a service provider. As a prerequisite, you need to have admin rights for your realm, and admin rights in your Lacework account or organization.

📄️ SAML JIT Overview

SAML authentication supports Just-in-Time User Provisioning. Enabling this option allows for on-the-fly creation of a team member the first time they try to log in. This eliminates the need to create team members in advance. For example, if you recently added an employee to your company, you don't need to manually create the team member in Lacework.

📄️ Okta SAML JIT

This topic describes how to add JIT user provisioning capabilities to Okta SAML authentication for Lacework.

📄️ Google Workspace SAML JIT

This topic describes how to add JIT user provisioning capabilities to Google Workspace SAML authentication for Lacework.

📄️ OneLogin SAML JIT

This topic describes how to add JIT user provisioning capabilities to OneLogin authentication for Lacework. OneLogin provides a Lacework application to simplify the setup process.

📄️ Azure Active Directory JIT

You need an Active Directory Premium account to add JIT user provisioning capabilities to Microsoft Azure Active Directory (AD). Sign in to the Lacework Console as an administrator and to the Azure portal using your Azure Active Directory administrator account. This process requires you to create a non-gallery application in Azure.

📄️ Google OAuth Configuration

To enable Google OAuth using the Lacework Console, navigate to Settings > Authentication and select Google OAuth.