| Date | Author | Comment |
|---|---|---|
| January 2022 | Allie Fick | |
| December 2021 | Diana Esteves | |
Lacework’s authentication via Security Assertion Markup Language (SAML) supports Just-in-Time (JIT) user provisioning. Enabling this option allows for on-the-fly creation of a Lacework user account upon the first successful login to Lacework. This eliminates the need to create users in advance. For example, a new employee added to your company’s identity provider wouldn’t need to manually create an account to access Lacework.
SAML JIT user provisioning is achieved via attribute definitions in the SAML identity provider. This guide currently includes guidelines for the Okta identity provider; G Suite (Google) and Azure AD identity provider guidelines will be added soon.
- Follow the Principle of Least Privilege (PoLP). Review the Lacework role-based access control (RBAC) matrix below before assigning roles.
- Only one authentication method is allowed at a time. Any existing authentication method must be either disabled or converted to JIT.
- If the account being configured belongs to an organization, authentication must be configured at the organization level.
- The Lacework platform does not currently expose an application programming interface (API) resource for authentication settings; therefore, there is no Terraform module or Lacework command-line interface (CLI) command to configure authentication programmatically. For the time being, the authentication configuration must be done in the Lacework Console through a browser.
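As an added example (not Lacework's code or API), the following Python sketches the decision a service provider makes under JIT provisioning: parse the identity provider's SAML assertion, create the user only on first login, and map a role attribute to one of the four Lacework roles named on this page, falling back to the least-privileged role when the attribute is missing or unrecognised. The attribute name `laceworkRole` and the sample assertion are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Lacework role names from the RBAC matrix on this page; "Account User" is
# the least-privileged role and therefore the safe default (PoLP).
ROLES = ["Account User", "Account Admin", "Org User", "Org Admin"]
DEFAULT_ROLE = "Account User"

# Hypothetical IdP attribute carrying the requested Lacework role. The real
# attribute definitions come from the identity provider (e.g. Okta) setup.
ROLE_ATTRIBUTE = "laceworkRole"


def parse_assertion(xml_text):
    """Return (name_id, {attribute_name: [values]}) from a SAML 2.0 Assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    return name_id, attrs


def jit_provision(users, xml_text):
    """Create the user on first login; never modify an existing account.

    A missing or unknown role attribute falls back to the least-privileged
    role instead of failing open into an administrative one."""
    name_id, attrs = parse_assertion(xml_text)
    if not name_id:
        raise ValueError("assertion has no NameID")
    if name_id in users:
        return users[name_id], False  # existing user: nothing is provisioned
    requested = (attrs.get(ROLE_ATTRIBUTE) or [DEFAULT_ROLE])[0]
    role = requested if requested in ROLES else DEFAULT_ROLE
    users[name_id] = {"email": name_id, "role": role}
    return users[name_id], True


# Constructed sample assertion (unsigned; a real service provider must verify
# the IdP signature before trusting any attribute it carries).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="laceworkRole"><saml:AttributeValue>Account Admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```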
To view the installation steps, navigate to the corresponding configuration below.
- Organization is a top-level logical grouping. This is typically a company; however, within fairly large companies, this could also represent an entire business unit.
- Account is one level below an organization. An organization can contain multiple accounts. An account typically represents a business unit and/or team within a company, e.g., Sales, Engineering, Marketing.
- A resource within the Lacework platform is a feature, e.g., API keys.
R = Read access, W = Write access, - = Not available

The four right-hand columns list the actions each role may take on a resource within the given scope.

| Scope | Resource | Account User | Account Admin | Org User | Org Admin |
|---|---|---|---|---|---|
| Account Settings | | - | RW | - | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | RW | R | RW |
| | | R | R | R | R |
| Organization Settings | | - | - | R | RW |
| | | - | - | R | RW |
| | | - | - | R | RW |
| | | - | - | R | RW |
| | | - | - | R | RW |
| | | - | - | R | RW |
| | | - | - | R | RW |
| | | - | - | R | R |
- Submit a pull request with your suggestions.
- Email community@lacework.com