Okta SSO

Okta provides single sign-on (SSO) capabilities (and Multi-Factor Authentication) that can be configured as an identity provider for use with InsightCloudSec.

Prerequisites

Before getting started, you will need the following:

  • A functioning InsightCloudSec platform
  • Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
  • Administrative access for your Okta account
  • Ensure you have set your Base URL within InsightCloudSec. This is specified under Administration > System Administration on the System tab under General Settings, for example https://insightcloudsec.acme.com.

For questions or issues, reach out to us through the Customer Support Portal.

Product name to be replaced

You may observe that some components, screen captures, or examples use our former product name, DivvyCloud. This doesn't affect the configuration or the product's functionality, and we will notify you as we replace these component names.

Okta Console Steps (Part 1)

  1. Open Okta, locate Applications on the main toolbar, and click Add Applications.
  2. Click the button to Create New App with the following parameters:
    • Select Web as the platform.
    • Select SAML 2.0 as the sign-on method.
  3. Click Create to launch the Create SAML Integration process in Okta.
  4. Complete the settings for the application as desired, for example:
    • App Name, e.g., ‘InsightCloudSec SSO’.
    • App logo (optional).
  5. Click Next to move to the Configure SAML Step.
    • You will need to return to InsightCloudSec to grab details to complete this portion of the configuration within Okta.

InsightCloudSec Console Steps (Part 1)

  1. Navigate to Administration > Identity Management and click on the Authentication Servers tab.
  2. Click on the Add Server button and complete the form as follows:
    • Provide a nickname for your server.
    • Select SAML as the Server Type.
  3. Selecting SAML will provide a form that includes the two URLs required for the Okta configuration. For example:
    • https://baseurl.net/v3/auth/provider/saml/19/acs
    • https://baseurl.net/v3/auth/provider/saml/19/metadata/

Okta Console Steps (Part 2)

These steps assume that you have the required URLs from the Create Authentication Server window in InsightCloudSec.

  1. In step 2, Configure SAML, of the Create SAML Integration form, enter the two URLs from InsightCloudSec into the Okta configuration.
    • Single Sign on URL is InsightCloudSec's Assertion Consumer Service URL.
    • Audience URI is InsightCloudSec's Metadata Identify URL.
    • All other options can be left at default values.
  2. Click Next to move to the Feedback section and complete creation of your Okta configuration.
    • Select I am an Okta customer adding an internal app.
    • Check This is an internal app that we have created.
  3. Click Finish to complete your application setup. This will redirect to your finalized application page.
  4. Click on View Setup Instructions to view the full XML details. Note the following information for your Okta configuration in InsightCloudSec:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate
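
The three values noted in step 4 can also be read straight from the XML instead of being copied by hand. The following is an added example, not part of the original documentation or either product: it assumes the XML is standard SAML 2.0 IdP metadata, the function name `read_idp_metadata` is hypothetical, and the sample metadata is constructed. It rejects a non-HTTPS sign-on URL and returns a SHA-256 fingerprint of the certificate so the value pasted into InsightCloudSec can be compared against the one Okta issued.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def read_idp_metadata(xml_text):
    """Return the issuer, SSO URL and certificate fingerprint from IdP metadata."""
    # SAML metadata never needs a DTD; refuse one rather than parse entity tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")          # Identity Provider Issuer
    idp = "md:IDPSSODescriptor/"
    sso = root.find(idp + "md:SingleSignOnService", NS)
    cert = root.find(idp + "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not entity_id or sso is None or cert is None or not cert.text:
        raise ValueError("metadata is missing the issuer, SSO URL or certificate")
    sso_url = sso.get("Location", "")         # Identity Provider Single Sign-On URL
    if urlparse(sso_url).scheme != "https":
        raise ValueError("SSO URL must use https: %r" % sso_url)
    # The certificate body is base64 DER, usually wrapped across several lines.
    der = base64.b64decode("".join(cert.text.split()), validate=True)
    return {"idp_entity_id": entity_id, "sso_url": sso_url,
            "cert_sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder bytes stand in for a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in read_idp_metadata(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```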

InsightCloudSec Console Steps (Part 2)

These steps assume you are still working under Administration > Identity Management on the Authentication Servers tab, with the window open to create a new SAML authentication server for your Okta SSO setup.

  1. Complete creation of the authentication server.

    • Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
    • Note that the following fields are the minimum required (all subsequent fields are optional or vary based on your environment and requirements):
      • Idp Entity ID/Metadata URL
      • SSO URL
      • Idp x509 Certificate

    Fields labeled JIT refer to our Just-In-Time Provisioning capabilities; you can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.

  2. Click Submit once you have completed your desired setup. Your new server will be displayed under the Administration > Identity Management > Authentication Servers tab.