Top

N|Solid SaaS

N|Solid SaaS Dashboard

The N|Solid SaaS Dashboard offers a user interface for you to connect and configure your N|Solid SaaS Console. You can use it to manage people, billing, service tokens and more.

SaaS dashboard

How to access your N|Solid SaaS Console

Click the green button VISIT NOW! to open your N|Solid SaaS Console in a new browser window. If you want to copy the url, just click the url or the icon on the right.

Visit SaaS Console Container

Choose how to connect your process

There are three ways to connect your process; local, docker and cloud images. Below tabs provide the corresponding instructions. found by navigating to the Settings link, located in the navigation bar. From the General tab, your Organization's general settings may be edited. Currently, the Organization Name is the only editable feature. From the General tab, you may also access your N|Solid License Key.

Note: NSOLID_SAAS is an alternative for both NSOLID_PUBKEY and NSOLID_COMMAND so that you can connect processes using NSOLID_SAAS as an environment variable.

The LOCAL tab: Local Tab

The DOCKER tab: Docker Tab

The CLOUD IMAGES tab: Cloud Images Tab

Settings

There are four possible configurable settings in the left navigation bar. From the Licensing tab, you may also access your N|Solid License Key.

The People tab exposes access to your Organization's team. From this menu, you may add, remove, and manage team members. User permissions may be edited by changing the status of the user, located toward the right of the menu.

People

The Billing tab reveals metrics for your Organization, including the number of current users. You may also upgrade your plan level from this menu.

Billing

The Service Tokens tab allows you to create, rename, regenerate, and delete tokens for use in your CI/CD system. Tokens have a brief description or name and a Token key. They can be given READ and WRITE access to your NCM Whitelist, and READ access to your NCM Certification Data.

Service Tokens

NodeSource Accounts

Overview

In order to access and use N|Solid, Certified Modules and other NodeSource products, users are required to create a NodeSource Account via accounts.nodesource.com. There you can download software, manage your profile, and create and manage organizations.

Sign up

Create your NodeSource account either with an email address or by using either GitHub or Google 3rd-party authentication. Upon account creation, a prompt will appear with the option to create an organization or to continue with an individual account. Sign up screen

Sign in

To find information about a particular package in NodeSource Certified Modules, use the Certified Modules page. Sign in screen

Reset Password

Account passwords may be reset by selecting the Reset Password button located below the fields on the Sign In page. In order to receive a new password, you must have access to the email for which the account was created. Reset instructions will be sent to the account's email address. A prompt will then appear in which accounts.nodesource.com requests a new password for the account upon opening the received email. Reset password screen

Create a New Organization

Creating an Organization allows for the collaborative use of N|Solid and Certified Modules throughout your team. Depending on the selected subscription tier, you and your team obtain various levels of access to NodeSource's product line, support suite, and training opportunities. Create a new Organization

Upon selecting the desired tier, you will be prompted to input payment details and finalize the creation of your Organization. Add Payment Details

After selecting a tier, the Add People page will prompt you to invite collaborators via email. Invitees will receive access to the Organization after their invitation is sent. Multiple email addresses may be entered, separated by commas. When all of your Organization's available seats have been assigned, an alert will appear on the Add People page. Add People to a new organization

User Profile & Downloads

Editing your personal User Profile is possible by navigating to the Edit Profile link, located in the top left hand side of the navigation bar. From this menu, your name and email address may be edited. From here you also have access to your N|Solid License Key, Connected Accounts, and the ability to reset your account password. Additionally, Two-Factor Authentication may be enabled by providing a valid phone number. If provided, the sent access code will be required alongside your email address and password when logging in. Removing the phone number disables Two-Factor Authentication from your account. If you wish to delete your account, you may contact us through the link provided below the password reset option. Edit Profile

NodeSource's product suite may be accessed through the Downloads page. Navigate to the top right hand corner of the navigation bar and select the link entitled Downloads. From here, you will be able to download NCM Desktop and N|Solid for the platforms on which they are supported. Currently this includes macOS, Linux, and Windows for NCM Desktop.

N|Solid supports macOS, Windows10, Debian, and RHEL. Please refer to the N|Solid docs for more information on supported platforms. Downloads screen

Organization Settings

There are four possible configurable settings, found by navigating to the Settings link, located in the navigation bar. From the General tab, your Organization's general settings may be edited. Currently, the Organization Name is the only editable feature. From the General tab, you may also access your N|Solid License Key.

General Settings

The People tab exposes access to your Organization's team. From this menu, you may add, remove, and manage team members. User permissions may be edited by changing the status of the user, located toward the right of the menu.

People screen under settings

The Billing tab reveals metrics for your Organization, including the number of current users. You may also upgrade your plan level from this menu.

Billing

The Service Tokens tab allows you to create, rename, regenerate, and delete tokens for use in your CI/CD system. Tokens have a brief description or name and a Token key. They can be given READ and WRITE access to your NCM Whitelist, and READ access to your NCM Certification Data.

Service Tokens

The SAML tab allows you to configure SAML settings for your Organization. (NB: this tab is only available for enterprise organizations.)

SAML settings

Configure SAML SSO with Okta, PingID and oneLogin

Federation is a collection of common standards and protocols to manage and map user identities between Identity Providers across organizations (and security domains) via trust relationships (usually established via digital signatures, encryption, and PKI).

NodeSource Orgs can now take advantage of Identity Providers (IdP) such as Okta, PingID and OneLogin by using NSolid’s new SAML integration to manage user access to NSolid and NodeSource Accounts.

SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between an identity provider and a service provider which can be used for SSO (Single Sign-on) for the NodeSource Account. The NodeSource Account is deployed ready for integration with the third-party SAML 2.0 compatible identity providers.

Requirements to set up SAML SSO

To set up Federated authentication via a SAML SSO Integration administrators are required to meet the following requirements:

  1. Enterprise Organization in your NodeSource Account
  2. Administration privileges in your NodeSource Account
  3. Administration privileges in your identity provider

Setup SAML with Okta

  1. Log in to your Okta Account as an administrator.
  2. Navigate to Admin Dashboard > Applications > Add Application.
  3. Click Create New App and choose SAML 2.0 as the Sign on method. Create New App
  4. Enter General Settings for the application, including App name and App logo (optional). General Settings
  5. Enter SAML Settings, including:
    1. Single sign on URL: https://api.nodesource.com/accounts/auth/acs
    2. Audience URL: https://api.nodesource.com/accounts/auth/idp-metadata
    3. Name ID format: unspecified SAML Settings
  6. Enter attribute statements as below, which will be used to map attributes between Okta and NodeSource. Attribute Statements
  7. Create a new API Token (Security > API > Tokens > Create Token) API Token
  8. In Settings > Features, enable Event Hooks to use SAML webhooks Event Hooks
  9. In your SAML web app, Sign On > Settings, copy the link address of Identity Provider metadata: Identity Provider Metadata
  10. In your NodeSource accounts SAML settings, paste the values generated above.
  11. Identity Provider Metadata URL: the link address of Identity Provider metadata in Sign On > Settings
  12. APP ID: in your okta SAML app page url, e.g., (https://dev-712690-admin.okta.com/admin/app/nodesourcedev712690_nodesource_1/instance/0oamwnctp4tW02lzL356/...), the string after instance/ is your APP ID
  13. API Token: a unique API token generated by your SAML provider. Accounts SAML settings
  14. Click TEST CONNECTION button to test the single sign-on connection. Testing the SAML connection

Use NSolid with Okta-based SAML

Users whose organizations chose to active the Okta integration, must sign into accounts.nodesource.com/signin first in order to accept NodeSource’s Terms and conditions. Once accepted users can directly access the console using their SAML SSO credentials.

See here for details.

Setup SAML with PingID(Ping Identity)

  1. Log in to your PingOne Account as an administrator.
  2. Navigate to Applications.
  3. In My Applications tab, click Add Applications button and choose New SAML Application. (If New SAML Application is disabled, you should connect to an identity repository first. See https://support.pingidentity.com/s/document-item?bundleId=pingone&topicId=fml1564020492091-2.html for more info).
  4. Enter Application Details for the application, including Application Name and Application Description. Application Details
  5. Enter SAML Settings, including:
    1. Assertion Consumer Service (ACS): https://api.nodesource.com/accounts/auth/acs
    2. Entity ID: https://api.nodesource.com/accounts/auth/idp-metadata SAML Settings
  6. Map the necessary application provider (AP) attributes to attributes as below. You can get your orgId from the SAML tab on NodeSource Accounts. Application Details
  7. Select all user groups that should have access to this application. Users that are members of the added groups will be able to SSO to this application and will see this application on their personal dock. Application Details
  8. Review Setup and click Finish button.
  9. Go to the SAML tab in your NodeSource Accounts, paste the values generated above.
    1. IDENTITY PROVIDER METADATA: Your identity provider metadata (XML)
    2. SSO URL: Single Sign-On (SSO) URL of your SAML App. SAML Settings Configuation PingID
  10. Click TEST CONNECTION button to test the single sign-on connection. Testing the SAML connection

Setup SAML with oneLogin

  1. Go to https://developers.onelogin.com/ and create an account.
  2. If you already have a oneLogin account, login as your organization's administrator and navigate to Apps > Company Apps > Click [Add App] button
  3. Enter SAML in the search box and select ‘SAML Test Connector (Advanced)’ One Login Integrations Search
  4. Enter SAML in the search box and select the ‘SAML Test Connector (Advanced)’ Add SAML Test Connector
  5. Once selected apply the following configurations in the Application Details section as below: SAML Test Connector callibration
  6. Set Parameters as follows: SAML Parameters
  7. Inside the SSO tab, click ‘View Details’ to get your X.509 Certificate: Enable SAML in oneLogin
  8. To get your IdP metadata URL, click the ‘MORE ACTIONS’ button and right click on ‘SAML Metadata’ and copy the link address: Test SAML Connector SAML
  9. Select DEVELOPERS > API Credentials to create your API Credentials as below: SAML API Access
  10. Click New Credential button and select Manage All option and save: SAML API Credentials
  11. Your API Credentials (CLIENT SECRET and CLIENT ID) are created: SAML API Credentials
  12. In accounts,nodesource.com navigate to settings > SAML.
  13. Copy and paste the metadata url (step 9) in IDENTITY PROVIDER METADATA URL.
  14. APP ID: In your onelogin SAML app page url, i.e., (https://nodesourcedev.onelogin.com/apps/646661/...), the number after apps/ is your APP ID
  15. Also paste the CLIENT SECRET and CLIENT ID you generated in step 12 and input it in their corresponding fields as shown below: SAML ClientID

Force SAML Authentication

In your Organization’s SAML settings you can force SAML authentication, which means only users with the ability to use your organization’s Okta, PingID or OneLogin credentials can log in. If you previously invited non-SAML members (like third-party contractors) to your organization’s Team those members will receive an email but will lose access to the organization. This feature is designed to easily secure and restrict access to your org’s NodeSource organization, accounts.nodesource.com and NSolid Console.

You an activate the feature by activating the ‘Require SAML Authentication’ toggle in accounts.nodesource.com > Settings > SAML

Require SAML

Role Based Access Control

Enterprise and Advanced Tier Users can now utilize NodeSource’s central control nexus, accounts.nodesource.com to give and revoke Role Based Access Control permissions for the NSolid Console and accounts.nodesource.com.

Permissions are assigned via roles which are aggregate sets of feature-permissions; each of which can be fully customized to support your company’s workflow and access-control needs. Role Based Access Control Dialog

The system comes with a set of pre-made roles but is completely customizable allowing granular permission management. This includes adding permission-privileges to new and/or existing roles as well as the creation and deletion of existing roles.

HOW IT WORKS

NodeSource’s Role Based Access Control feature empowers Org Admins to create, define, manage and assign roles that provide access privileges to distinct user-actions and/or views in the NSolid Console and accounts.nodesource.com.

The following shows the NodeSource’s central control-nexus, accounts.nodesource.com, from the perspective of two different users:

  • The ‘Admin’ has access to the Organization’s ‘People’s’ Tab where they can invite team-members, define and assign RBAC roles.
  • The ‘Member’ doesn’t have access to the ‘People’s Tab. To them the tab isn’t visible. RBAC Accounts Example

Similarly in the NSolid Console a ‘Security Admin’ will be granted access to the Console’s Security Tab, while a user with the ‘Member’ role won’t be allowed to access this option: RBAC Console Example

Default Roles

accounts.nodesource.com

  1. To access your existing roles log into accounts.nodesource.com and select your organization from the org-selector in the top left corner:

  2. Visit Settings > People and select the Show More selector under Role Based Access Control (RBAC) RBAC In Settings > People

  3. The expanded RBAC menu lets you configure default roles for new users joining the organization. This can be configured for for both invited users (Default role (General)) and team members who are joining via your organization's SAML configuration (Default Role (SAML)). Assign Default Roles

Pre-Made Roles & Modifying Roles via the Manage Role Configuration Dialog

NodeSource's accounts system comes with a set of pre-made roles but permits full customization of permissions per role as well as the creation and deletion of existing roles.

  1. To access your existing roles navigate to your organizations Settings > People's RBAC Dialogu and expand it as mentioned above.

  2. In the expanded RBAC window, click on the Manage Roles selector, this opens the Manage Role configuration dialog. RBAC In Settings > People

  3. The Manage Role Configuration Dialog permits users to modify existing and create new roles. Each role is an aggregate sets of feature-permissions that can be modified by a user with permissions to access the organization's People's Tab. Manage Role Configuration Dialog

  4. Users whose role has accsess to the People's Tab are able to modify permission-sets for each role. We recommend this to be a priviledge that is resered to the organization's Admin and Super Admin roles.

Creating New Roles

  1. To create a new role, click on the 'Create a New Role' in the Manage Role Configuration Dialog Create New Roles

  2. Name your role and select the permissions you would like this role to access. A detailed explanations for each permission is provided below.

Assigning Roles

Once saved a new and/or existing role can be assigned to users. Assign Role

RBAC Available Permissions

The following permissions can be aggregated into new roles and/or added to existing roles:

accounts.nodesource.com:

Permission Options Read and Write Permissions
General>License Key User can view org’s License Key in Settings>License Key
Billing User can access the billing section
Service Token User can create and invalidate new service tokens
SAML User may add/ remove support for Federated Authentication via Okta, PingIdentity or One Login.
People Management Users with this permission may:
- Manage, invite or remove org members,
- Invite or remove team-members,
- Assign or change roles per team-member,
- Set default roles for new team-members,
- Manage roles, including creating new and augmenting existing roles by selecting a set of permissions for each role.

NSolid Console - Security

Permission Options Read and Write Permissions
View Security Vulnerabilities User can access the NSolid Console's Security Tab
Hide Security Vulnerabilities User can hide security vulnerabilities on the Security Tab

NSolid Console - Notifications

Permission Options Read and Write Permissions
Settings > Global Notifications Access and modify Global Notifications in Settings
Make Custom View Access, create, modify and/or delete threshold views that trigger Slack, MS Teams, Email or Webhook Notifications

NSolid Console - Diagnostic Assets:

Permission Options Read and Write Permissions
Generate CPU Profiles Create and Delete CPU Profiles
Generate Heap Snapshots Create and Delete Heap Snapshots

NSolid Console - Monitoring:

Permission Options Read and Write Permissions
Filter Processes Set process and reporting filters
Change Axis Change reporting axis
Make Custom View Change, create and/or delete custom views
Process Detail View Access process detail view for any given process

Automated Actions:

Permission Options Read and Write Permissions
Make new Action in View Set or remove automated actions that are triggered when a performance threshold is exceeded. These include taking a Heap Snapshot, CPU Profile and/or Slack, MS Teams, Webhook or Email Notification

NSolid Console - Settings:

Permission Options Read and Write Permissions
Settings > General Settings Access General Console Settings Including: Setting the Console URL, your NSolid Console License Key and Org Association and asset retention policies.
Settings > Global Notifications Manage Global Notifications for when new security vulnerabilities are discovered, or when your applications experience one of the following global events: event loop blocked for longer than N milliseconds, a process died.
Settings > Saved Views Modify and/or delete saved views
Settings > Integrations Configure Slack, MS Teams and/or Webhook
Settings > Import/Export Settings Import or export your configuration for saved views, integrations and global notifications

For detailed insight into each of NSolid's feature's capabilities visit the NSolid documentation here.

NCM Operations

Overview

The NCM integration with GitHub (Gates/Deployment protection rules) provides users with a tool to ensure the quality and security of their dependencies. This integration catches issues early in the development process, reducing the risk of security vulnerabilities.

NCM GitHub App Integration

Users can add the NCM - NodeSource GitHub App (Gates/Deployment protection rules) to their repositories through the GitHub Marketplace. Once added, the NCM App will analyze each pull request/deployment and send a report to the accounts portal. The NCM app only works for public repos inside of an organization.

ncmapp

NCM Github Configuration

To properly configure and use the NCM application, users must install it as an organization and this organization must have at least one public repository. The NCM option must be selected in the deployment rules found in the repository settings.

ncmapp

Once the deployment rule is in place users can start using the NCM app !

NCM Operations (Accounts Portal)

In the accounts portal, users can view the results of NCM's analysis for each action (Pull Request or Deployment) in their repositories. This section provides a summary of the analysis as well as a more detailed report.

ncmops

To see the detailed report, click on the "View Details". This will redirect users to the page where users can view the detailed report.

ncmdetails

Deployment Approval

NCM validates every deployment flow configured in GitHub and approve or reject it according to NCM's configured rules. If the deployment is rejected, NCM will provide a detailed report explaining the reasons for rejection. NCM will be triggered by webhook events from GitHub and will analyze the deployment based on the configured rules for NCM.

NCM Pull Request Checks

NCM checks each pull request created in a repository with the NCM GitHub App installed. NCM will attach a report marking the pull request status green or red based on the issues found. The report will provide recommendations on how to fix them.

Security

The NCM GitHub App is registered with GitHub using OAuth2 authentication to ensure only authorized users can access the App. The App will also use a private key to sign all requests, ensuring that only GitHub can send requests to the App.

The NCM App will have only read access to the repositories it is installed on, and only read access to the pull requests and deployments in those repositories. This ensures it cannot access sensitive data or make unauthorized changes.