lacework-community/jit-provisioning-guide
Lacework Auth: Just-In-Time Provisioning Guide

Change log

Date           Author         Comment
January 2022   Allie Fick     Revised to align with Lacework's best practice guide template.
December 2021  Diana Esteves  Initial public release for this guide :)
                              Thank you to all the amazing Lacers who provided valuable feedback!

Overview

Lacework’s authentication via Security Assertion Markup Language (SAML) supports Just-in-Time (JIT) user provisioning. Enabling this option allows for on-the-fly creation of a Lacework user account upon the first successful login to Lacework. This eliminates the need to create users in advance. For example, a new employee added to your company’s identity provider wouldn’t need to manually create an account to access Lacework.

SAML JIT user provisioning is achieved via attribute definitions in the SAML identity provider. This guide currently includes guidelines for the Okta identity provider; G Suite (Google) and Azure AD identity provider guidelines will be added soon.
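To make the "create on first successful login" behaviour concrete, here is an added example (not code from this guide or from Lacework) of the JIT step a SAML service provider runs once the assertion signature has been verified: it reads the IdP's attribute statement, refuses assertions that lack required attributes or name a role outside the four roles in the RBAC chart below, and creates the user only on the first login. The attribute names (email, firstName, lastName, role) are assumptions for illustration, not Lacework's documented attribute names.

```python
# Added example, not code from the lacework-community guide: the JIT step a
# SAML service provider runs after the assertion signature has been verified.
# Attribute names and the role mapping are assumptions for illustration.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Role names taken from the RBAC chart in this guide.
KNOWN_ROLES = {"Account User", "Account Admin", "Org User", "Org Admin"}
# Assumed attribute names the identity provider is configured to send.
REQUIRED = ("email", "firstName", "lastName", "role")


def parse_attributes(assertion_xml: str) -> dict:
    """Return {Name: first AttributeValue} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values[0] if values else ""
    return attrs


def jit_login(users: dict, assertion_xml: str) -> dict:
    """Create the user on first successful login; refresh attributes after that.
    Reject assertions missing required attributes or naming an unknown role."""
    attrs = parse_attributes(assertion_xml)
    missing = [k for k in REQUIRED if not attrs.get(k)]
    if missing:
        raise ValueError(f"assertion missing attributes: {missing}")
    if attrs["role"] not in KNOWN_ROLES:
        raise ValueError(f"unknown role: {attrs['role']!r}")
    email = attrs["email"].lower()
    created = email not in users  # True only on the first login
    user = users.setdefault(email, {"first_login": datetime.now(timezone.utc).isoformat()})
    user.update(first=attrs["firstName"], last=attrs["lastName"], role=attrs["role"])
    return {"email": email, "created": created, "role": user["role"]}


# Constructed sample assertion (signature and conditions omitted for brevity).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>Jane.Doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>Account User</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

Calling jit_login(store, SAMPLE_ASSERTION) twice against the same store returns created=True the first time and created=False the second, which is the JIT behaviour the overview describes.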

Best practices

Prerequisites

  • Only one authentication method is allowed at a time. Any existing authentication configuration must be either disabled or converted to JIT.
  • If the account being configured belongs to an organization, authentication must be configured at the organization level.
  • The Lacework platform does not currently expose an application programming interface (API) resource for authentication settings; therefore, there is no Terraform module or Lacework command-line interface (CLI) command to configure authentication programmatically. At this time, authentication must be configured through the Lacework Console in a browser.

Installation steps

To view the installation steps, navigate to the corresponding configuration below.


Appendix

Additional resources

Lacework RBAC

Terms

  • Organization is a top-level logical grouping. This is typically a company; however, within fairly large companies, this could also represent an entire business unit.
  • Account is one level below an organization. An organization can contain multiple accounts. An account typically represents a business unit and/or team within a company, e.g., Sales, Engineering, Marketing.
  • A resource within the Lacework platform is a feature, e.g., API keys.

Chart

  • R = Read access
  • W = Write access
  • - = Not available

Scope                  Resource                           Account User  Account Admin  Org User  Org Admin
Account Settings       API Keys                           -             RW             -         RW
Account Settings       Agents                             R             RW             R         RW
Account Settings       Alert Routing                      R             RW             R         RW
Account Settings       Audit Logs                         R             RW             R         RW
Account Settings       Authentication                     R             RW             R         RW
Account Settings       General Settings                   R             RW             R         RW
Account Settings       Integrations                       R             RW             R         RW
Account Settings       Resource Groups                    R             RW             R         RW
Account Settings       Team Members                       R             RW             R         RW
Account Settings       Usage                              R             R              R         R
Organization Settings  Account Management                 -             -              R         RW
Organization Settings  Alert Routing                      -             -              R         RW
Organization Settings  Audit Logs                         -             -              R         RW
Organization Settings  Authentication                     -             -              R         RW
Organization Settings  Integrations                       -             -              R         RW
Organization Settings  Configurations -> General Settings -             -              R         RW
Organization Settings  Resource Groups                    -             -              R         RW
Organization Settings  Usage                              -             -              R         R

Provide feedback

  • Submit a pull request with your suggestions.
  • Email community@lacework.com
