Integrate AlertOps with Conditional Access

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with AlertOps.

In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/
From now on, we will call this tab the Portnox tab.
In the Cloud portal top menu, click on the Applications option.
On the APPLICATIONS screen, click on the Add new SAML application button.
Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
In the Application details section, enter an Application name and optionally a Description.

In this example, we used the name AlertOps for the new application configuration but you can use any name you like.
Keep this browser tab open. You will need it later.

In this section, you will access your AlertOps dashboard and find the settings for SSO authentication.

In another tab of your browser, open your AlertOps Account Settings page by accessing the following URL: https://app.alertops.com/your_tenant/account-settings, where your_tenant is your tenant name.
From now on, we will call this tab the AlertOps tab.
In the SSO section, click on the UPDATE SSO link.
In the SSO section, activate the Use single sign-on (SSO) checkbox.

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the AlertOps SSO settings section.

In the Portnox tab, in the Service details section, click on the ⧉ icon next to the Identity Provider Entity ID / Audience URI field to copy the value.
In the AlertOps tab, click on the empty field under the Issuer URL label and paste the value copied from Portnox Cloud.
In the Portnox tab, in the Service details section, click on the ⧉ icon next to the Sign-In URL / SSO URL field to copy the value.
In the AlertOps tab, click on the empty field under the SAML endpoint URL label and paste the value copied from Portnox Cloud.
In the Portnox tab, in the Service details section, click on the ⧉ icon next to the Certificate field to copy the value.
In the AlertOps tab, click on the empty field under the X.509 Certificate label and paste the value copied from Portnox Cloud.

In this section, you will enter configuration values in the relevant fields in Portnox Cloud.

In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and enter the following value: https://app.alertops.com/your_tenant, substituting your_tenant with your AlertOps tenant name.
In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and enter the following value: https://api.alertops.com/api/v2/saml/your_tenant, substituting your_tenant with your AlertOps tenant name.

In this section, you will finalize the configuration in Portnox Cloud and AlertOps.

Finalize the configuration in the Portnox tab.
1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
2. Scroll all the way down to the end of the page, and then click on the Save button.
Finalize the configuration in the AlertOps tab.
1. In the SAML Signature Algorithm field, select the SHA256 option.
2. Optional: Activate the Allow username/password login checkbox.
  
  Note: We recommend this setting when you configure AlertOps for the first time, to avoid locking users out of AlertOps if your configuration is not correct. The account owner can always log in with a username and a password, even when this checkbox is not active.
3. Click on the ✓ icon save the configuration.

Result: You have configured AlertOps to be accessible using Portnox Conditional Access for Applications.