Okta SSO

Instructions for Configuration of Okta SSO as an Authentication Server with InsightCloudSec

Okta provides single sign-on (SSO) capabilities (and Multi-Factor Authentication) that can be configured as an identity provider for use with InsightCloudSec.

Prerequisites

Before getting started, you will need the following:

  • A functioning InsightCloudSec platform
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative access for your Okta account
  • Ensure you have set your Base URL within InsightCloudSec. This is specified under Administration --> System Administration, on the System tab under General Settings, for example https://insightcloudsec.acme.com.

For questions or issues, reach out to us through the Customer Support Portal.

Value Names (DivvyCloud vs. InsightCloudSec)

Some components, screen captures, examples, and values use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.

Okta Console Steps (Part 1)

1. Open Okta, locate Applications on the main toolbar, and click "Add Applications".

2. Click the button to "Create New App" with the following parameters:

  • Select 'Web' as the platform.
  • Select 'SAML 2.0' as the sign-on method.

Create an Okta Application

3. Click "Create" to launch the "Create SAML Integration" process in Okta.

4. Complete the settings for the application as desired, for example:

  • App Name, e.g., ‘DivvyCloud SSO’ as shown below.
  • App logo (optional).

5. Click "Next" to move to the "Configure SAML" Step.

  • Note: You will need to return to InsightCloudSec to grab details to complete this portion of the configuration within Okta.

Okta Configuration Example - General Settings

InsightCloudSec Console Steps (Part 1)

1. Navigate to "Administration --> Identity Management" and click on the "Authentication Servers" tab.

Identity Management - Authentication Servers

2. Click on the "Add Server" button and complete the form as follows:

  • Provide a nickname for your server.
  • Select 'SAML' as the Server Type.

3. Selecting 'SAML' will provide a form that includes the two URLs required for the Okta configuration. For example:

  • https://baseurl.net/v3/auth/provider/saml/19/acs
  • https://baseurl.net/v3/auth/provider/saml/19/metadata/

Authentication Server - Okta Example

Okta Console Steps (Part 2)

These steps assume that you have the required URLs from the "Create Authentication Server" window in InsightCloudSec. We are resuming these instructions at Step #6 in Okta.

6. In the "Create SAML Integration form - 2 Configure SAML", enter the two URLs from InsightCloudSec into the Okta configuration.

  • ‘Single Sign on URL’ is InsightCloudSec's ‘Assertion Consumer Service URL’.
  • ‘Audience URI’ is InsightCloudSec's ‘Metadata Identify URL’.
  • All other options can be left at default values.

Okta Configuration Example - Configure SAML

7. Click "Next" to move to the "Feedback" section and complete creation of your Okta configuration.

  • Select 'I am an Okta customer adding an internal app'.
  • Check ‘This is an internal app that we have created’.

Okta Configuration Example

8. Click "Finish" to complete your application setup. This will redirect to your finalized application page.

Finalized Okta Application

9. Click on "View Setup Instructions" to view the full XML details. Note the following information for your Okta configuration in InsightCloudSec:

  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate

InsightCloudSec Console Steps (Part 2)

These steps assume you are still working from "Administration --> Identity Management" on the "Authentication Servers" tab, with an active window to create a new Okta SSO setup with a SAML Authentication server. We are resuming these instructions at Step #4.

4. Complete creation of the authentication server.

  • Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
  • Note the following fields are the minimum required (all subsequent fields will vary/are optional based on your environment and requirements)
    • Idp Entity ID/Metadata URL
    • SSO URL
    • Idp x509 Certificate

InsightCloudSec Authentication Server Creation Continued (additional SAML details from Okta)

Any fields labeled "JIT" refer to our Just In-Time Provisioning capabilities. You can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.

5. Click ‘Submit’ once you have completed your desired setup. Your new server will be displayed under the "Administration --> Identity Management --> Authentication Servers" tab.

