Administering
Learn how to administer the product.
- Managing users, groups, and access permissions
  Learn how to manage user groups and access permission.
- SAML Single Sign-On in AppScan Enterprise
  - Enabling SAML Service Provider
    You must configure the SAML in the Service Provider, that is AppScan Enterprise application, to allow user assertion by an Identity Provider (IdP) through Single Sign-On authentication service.
  - Identity Provider in AppScan Enterprise
  - Enabling encryption for SAML based SSO in AppScan Enterprise
    When a user login to SP, in this case AppScan Enterprise, a request is sent to IdP for authenticating the user. You can encrypt this process of authentication and approval requests that occur between the SP and IdP by installing a self-signed certificate in the AppScan Enterprise Server.
- Configuring and downloading log files for Enterprise Console and AppScan Server
  Administrators can configure the settings for log files for the Enterprise Console and AppScan Server and download them when they need to troubleshoot issues. This function eliminates the need to search the file system of the computer where the Enterprise Console or AppScan Server is installed.
- Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool
  The AdminUtil tool helps users to avoid rerun the configuration wizard on the AppScan Enterprise Server and the DAST Scanner(s) to reset the password. You can run the utility in two modes - Interactive mode and Silent mode. For more information about resetting service account password through interactive mode, see Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool in silent mode
- Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool in silent mode
  The AppScan Enterprise (ASE) AdminUtil tool helps users to avoid rerun the configuration wizard on the AppScan Enterprise Server, IAST Communication service, DAST scanner(s), Database service, and Alert services to reset the password of service account. You can achieve this by running the utility in two modes - Interactive mode and Silent mode. For more information about resetting service account password through interactive mode, see Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool
- Monitoring AppScan Enterprise usage
  Create an Activity Log report to determine who is using AppScan Enterprise and what they are doing with it. The report lists the users that made changes and when the changes were made. Because the log is always recording activity, all you must do is create the report. Only Administrators can create the Activity Log report; however, any user can be given access to it as part of a report pack's properties. If you do not want other users to see the Activity Log report, change `All Other Users' to No Access on the Users and Groups page for the report pack.
- Activity Log
  Activity Log helps determine who is using AppScan Enterprise and what they are doing with it. It lists the users that made changes and when the changes were made. This is useful for security auditing to detect possible unauthorized or unusual activities performed by users. Only Administrators can view the Activity log. By default, the activity log data is retained for one year.
- Managing a server
  Product Administrators are responsible for managing each server to its optimal performance.
- Managing the scan queue
  See the status of scan jobs currently running or waiting to run so that you can prioritize the order in which your key scan jobs run. For example, you might have scan jobs that are part of a time-sensitive deliverable, like a holiday shopping special. You can move them to the top of the queue to make sure that they are prioritized first in the schedule.
- Updating security rules
  The security rules are updated as a part of your AppScan® Enterprise releases. You can verify the version and release date of the security rules by looking in the About link in the AppScan Enterprise main menu.
- Importing user-defined tests from AppScan Standard
  AppScan® Standard provides a database of thousands of tests. However, if your web application has issues that are specific to it, or if you want to write your own advisories for fixing issues, you can create your own tests. These tests are saved and included in your AppScan database of tests. You can also export them as a *.udt file to import into AppScan Enterprise.
- Maintaining your SQL Server database
  SQL Server database maintenance includes upgrading SQL servers, SQL database backup, log file configuration, and database usage.
- Preparing for Security Testing
  Learn how to prepare for security testing in AppScan Enterprise.
- Creating scan templates
  Learn how to create scan templates in AppScan Enterprise.

Enabling SAML Service Provider

You must configure the SAML in the Service Provider, that is AppScan Enterprise application, to allow user assertion by an Identity Provider (IdP) through Single Sign-On authentication service.

Before you begin

You must be an AppScan administrator to perform the SAML configuration.
You must have completed the following tasks:
- You must have installed the AppScan Enterprise V10.0.3 or later on your system. For more information about installing AppScan Enterprise, see to Installing AppScan Enterprise.
- You must have configured the Identity Provider (IdP) supported by your AppScan Enterprise version SP where you are enabling the SAML. For more information about configuring supported IdP, see Configuring Identity Providers for SAML in AppScan Enterprise.
  Note: AppScan Enterprise supports the IdP - Okta, PingFederate, and Microsoft ADFS.

About this task

You must have installed the AppScan Enterprise software package on the target system before you configure the SAML service. This section helps you configure the SAML service by locating and renaming the SAML configuration property file that is available in the installation directory of the AppScan Enterprise application.

Procedure

After the AppScan Enterprise application installation is complete, navigate to the config folder of the installation directory where AppScan Enterprise software is installed. For example: <installation directory>/AppScan Enterprise/Liberty/usr/servers/ase/config.
Locate and open the onelogin.saml.properties.template file.
Rename the file onelogin.saml.properties.template to onelogin.saml.properties.

Note: If a different name is entered, then the SAML service is not enabled and configured for AppScan Enterprise.
After renaming the SAML properties file, exit the installation directory.

Results

You have successfully configured SAML Service Provider.

What to do next

You can login to the AppScan Enterprise through the Identity Provider (IdP) that your organization has provided.

Note: When you log in to AppScan Enterprise through SAML-SSO method, the Scans tab is displayed as the default landing page instead of the Monitor tab.