Instructions for Configuration of Okta SSO as an Authentication Server with InsightCloudSec
Okta provides single sign-on (SSO) capabilities (and Multi-Factor Authentication) that can be configured as an identity provider for use with InsightCloudSec.
Before getting started, you will need to have the following:
- A functioning InsightCloudSec platform
- Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
- Administrative access for your Okta account
- Ensure you have set your Base URL within InsightCloudSec. This is specified under "Administration --> System Administration", on the System tab under General Settings.
For questions or issues reach out to us through the Customer Support Portal.
Value Names (DivvyCloud vs. InsightCloudSec)
Some components, screen captures, examples, and values use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.
Okta Console Steps (Part 1)
1. Open Okta, locate Applications on the main toolbar, and click "Add Applications".
2. Click the button to "Create New App" with the following parameters:
- Select 'Web' as the platform.
- Select 'SAML 2.0' as the sign-on method.
3. Click "Create" to launch the "Create SAML Integration" process in Okta.
4. Complete the settings for the application as desired, for example:
- App Name, e.g., ‘DivvyCloud SSO’.
- App logo (optional).
5. Click "Next" to move to the "Configure SAML" Step.
- Note: You will need to return to InsightCloudSec to grab details to complete this portion of the configuration within Okta.
InsightCloudSec Console Steps (Part 1)
1. Navigate to "Administration --> Identity Management" and click on the "Authentication Servers" tab.
2. Click on the "Add Server" button and complete the form as follows:
- Provide a nickname for your server.
- Select 'SAML' as the Server Type.
3. Selecting 'SAML' will provide a form that includes the two URLs required for the Okta configuration.
Okta Console Steps (Part 2)
These steps assume that you have the required URLs from the "Create Authentication Server" window in InsightCloudSec. We are resuming these instructions at Step #6 in Okta.
6. In the "Create SAML Integration form - 2 Configure SAML" enter the two URLs from InsightCloudSec into the Okta configuration.
- ‘Single Sign on URL’ is InsightCloudSec's ‘Assertion Consumer Service URL’.
- ‘Audience URI’ is InsightCloudSec's ‘Metadata Identify URL’.
- All other options can be left at default values.
7. Click "Next" to move to the "Feedback" section and complete creation of your Okta configuration.
- Select 'I am an Okta customer adding an internal app'.
- Check ‘This is an internal app that we have created’.
8. Click "Finish" to complete your application setup. This will redirect to your finalized application page.
9. Click on "View Setup Instructions" to view the full XML details. Note the following information for your Okta configuration in InsightCloudSec:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
InsightCloudSec Console Steps (Part 2)
These steps assume you are still working under "Administration --> Identity Management" on the "Authentication Servers" tab, with the window for creating a new SAML authentication server for your Okta SSO setup still open. We are resuming these instructions at Step #4.
4. Complete creation of the authentication server.
- Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
- Note: the following fields are the minimum required (all subsequent fields vary or are optional, based on your environment and requirements):
  - Idp Entity ID/Metadata URL
  - SSO URL
  - Idp x509 Certificate
Any fields labeled "JIT" refer to our Just In-Time Provisioning capabilities. You can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.
5. Click ‘Submit’ once you have completed your desired setup. Your new server will be displayed under the "Administration --> Identity Management --> Authentication Servers" tab.
Updated 10 months ago