CrowdStrike - SSO Configuration



Alert
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
Quote
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for CrowdStrike using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
Warning
To set up Multi-Pass with CrowdStrike, ensure you meet the following requirements:
- CrowdStrike admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in CrowdStrike are registered in your IdP and have the necessary permissions to access CrowdStrike.






Step 1 - Gather Information from CrowdStrike (SP)

Notes
CrowdStrike uses regional URLs for Entity IDs and ACS endpoints. Confirm your CrowdStrike region and copy the correct values below.

CrowdStrike SAML Values

| CrowdStrike Region | Client ID (SP Entity ID) | ACS URL |
| --- | --- | --- |
| Global / US-1 | https://falcon.crowdstrike.com/saml/metadata | https://falcon.crowdstrike.com/saml/acs |
| US-2 | https://falcon.us-2.crowdstrike.com/saml/metadata | https://falcon.us-2.crowdstrike.com/saml/acs |
| EU-1 | https://falcon.eu-1.crowdstrike.com/saml/metadata | https://falcon.eu-1.crowdstrike.com/saml/acs |
| GCW | https://falcon.laggar.gcw.crowdstrike.com/saml/metadata | https://falcon.laggar.gcw.crowdstrike.com/saml/acs |

  1. Provide the Multi-Pass IdP metadata to CrowdStrike.
  2. The next steps show how to download the metadata XML; alternatively, use the link below:
    1. https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/descriptor
Info
CrowdStrike requires a support case. Submit the Multi-Pass IdP Metadata XML file to their team. They will complete the setup and confirm when the integration is active.

Step 2 - Configure Multi-Pass (IdP)

  1. Open Multi-Pass Dashboard
  2. Select your tenant.
  3. Go to Integrations, click on Applications
  4. In the custom section click on SAML
  5. Fill in the following:

| Field | Value |
| --- | --- |
| Client ID | CrowdStrike Entity ID |
| Name | CrowdStrike |
| Assertion Consumer Service | CrowdStrike ACS URL |
| NameID Policy Format | email |

  6. Select Download under Tenant XML Data and save the file locally.
  7. Click Add Integration.
  8. Go to the Advanced Console.
  9. Select Clients and search for "CrowdStrike".
  10. Select the CrowdStrike Client and review the Advanced Settings below:

General Settings

| Field | Value |
| --- | --- |
| Client ID | CrowdStrike Entity ID |
| Name | CrowdStrike |
| Description | CrowdStrike Falcon SSO Integration |
| Always display in UI | ON |

Access Settings

| Field | Value |
| --- | --- |
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | CrowdStrike's ACS URL |
| IdP-Initiated SSO URL Name | <APP_NAME> |

SAML Capabilities

| Setting | Value |
| --- | --- |
| Name ID Format | email |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |

Signature & Encryption

| Setting | Value |
| --- | --- |
| Sign Documents | OFF |
| Sign Assertions | ON |

  1. Move to the "keys" tab and make sure that both parameters are switched to OFF.
  2. Then move to the "advanced" tab:
    1. Assertion Consumer Service POST Binding URL = Valid redirect URIs = CrowdStrike's ACS URL

Step 3 - Provide Metadata to CrowdStrike

  1. CrowdStrike requires a support case. Submit the Multi-Pass IdP Metadata XML file to their team. They will complete the setup and confirm when the integration is active.
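
Before opening the support case, the values entered in Step 2 and the downloaded metadata file can be checked offline. The script below is an added example, not part of the original guide or of any Kelvin Zero or CrowdStrike tooling; the function names, the `example-tenant` name and the sample XML are constructed, and the endpoint check assumes the SSO endpoints are served from the same host as the descriptor URL shown in Step 1.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Regional hosts copied from the CrowdStrike SAML Values table in Step 1.
REGION_HOSTS = {"US-1": "falcon.crowdstrike.com",
                "US-2": "falcon.us-2.crowdstrike.com",
                "EU-1": "falcon.eu-1.crowdstrike.com",
                "GCW": "falcon.laggar.gcw.crowdstrike.com"}

def check_sp_values(region, client_id, acs_url):
    """Return problems with the Client ID / ACS URL entered in Multi-Pass."""
    host, problems = REGION_HOSTS[region], []
    if client_id != f"https://{host}/saml/metadata":
        problems.append(f"Client ID is not the {region} Entity ID")
    if acs_url != f"https://{host}/saml/acs":
        problems.append(f"ACS URL is not the {region} ACS URL")
    return problems

def check_idp_metadata(xml_text, idp_host="ca.auth.kzero.com"):
    """Return problems with the IdP metadata file before it is submitted."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; refusing to parse"]
    root = ET.fromstring(xml_text)
    idp = root.find(f"{MD}IDPSSODescriptor")
    if root.tag != f"{MD}EntityDescriptor" or idp is None:
        return ["not a SAML IdP EntityDescriptor"]
    problems = []
    # Sign Assertions is ON, so the SP needs a signing certificate to verify them.
    certs = [kd.find(f".//{DS}X509Certificate") for kd in idp.findall(f"{MD}KeyDescriptor")
             if kd.get("use", "signing") == "signing"]  # no "use" attribute means both uses
    if not any(c is not None and (c.text or "").strip() for c in certs):
        problems.append("no signing certificate")
    # Every advertised SSO endpoint should be HTTPS on the expected IdP host.
    locs = [urlsplit(s.get("Location", "")) for s in idp.findall(f"{MD}SingleSignOnService")]
    if not locs or any(u.scheme != "https" or u.hostname != idp_host for u in locs):
        problems.append("SingleSignOnService endpoints must be HTTPS on the IdP host")
    return problems

# Constructed sample metadata; the certificate value is a placeholder, not a real key.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ca.auth.kzero.com/realms/example-tenant">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://ca.auth.kzero.com/realms/example-tenant/protocol/saml"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

An empty list from both functions means the region pair is consistent and the metadata file carries a signing certificate and HTTPS endpoints on the expected host.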
