Configure single sign-on for Okta

Before you can configure SSO for Okta in Incident Response, you need to obtain the right credentials.

Before you begin

Note: While this integration with a third-party product is supported, the documentation here is based upon information provided by that third-party. More current information about the operation of that third-party’s system may be available from them directly.

Role required: admin

Procedure

  1. Log in to your Okta account and navigate to the Admin dashboard.
  2. From the main menu, go to Applications > Add Application > Create New App.
  3. In the Create a New Application Integration dialog, configure the connection details.
    1. From the Platform section, select Web.
    2. From the Sign on method section, select SAML 2.0.
    3. Select Create.
  4. From the Create SAML Integration window, enter a name in the App name field.
  5. Select Next until the Feedback tab appears.
  6. Select Finish, and ensure that you assign your users.
  7. Navigate to the Applications window.
  8. Select the Sign On tab.
  9. Optional: Select Assignments, if you want to assign either a User or Groups.
    1. Select Assign.
    2. Select Assign to People or Assign to Groups.
  10. Log out.
  11. Log in to Incident Response.
  12. On the navigation pane, select Admin.
  13. On the Single Sign-on, OAuth Identity form, select Set up and manage SSO.
    Note: Only one authentication feature can be enabled at a time.
  14. Select Edit.
  15. Fill in the SSO fields.
    Field: Description
    IdP Issuer URI/Entity ID: Issuer URI of the Identity Provider. This value is usually the SAML Metadata EntityID of the IdP EntityDescriptor.
    IdP Login URL: The binding-specific IdP Authentication Request Protocol endpoint that receives SAML AuthnRequest messages from Incident Response.
    IdP Logout URL: [Hidden] Visible when Single Sign Out is enabled. This is the logout endpoint for the IdP.
    IdP Signature Certificate: The PEM encoded public key certificate of the Identity Provider used to verify SAML message and assertion signatures.
    Note: Wrap this field with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- text.

    A certificate expiration date is generated after successfully adding the certificate.

  16. Optional: To activate single sign out, select the Enable Single Sign Out toggle switch.
    When enabled, logging out also completes the user's IdP logout. Otherwise, the user is logged out of Incident Response only.
  17. Select Save.
    Figure 1. Configured SSO form example
    Completed SSO configuration form
  18. Use the Test connection button to make sure your configuration works.

    Test connection creates a popup with your results.

    When the test succeeds, you can select Activate to enable SSO.

    If the test fails, follow the instructions in the popup and select Close to continue editing.

    Once you have successfully tested and activated your configuration, you're done. Your SSO configuration is enabled.
    Note: To disable the configuration, set the Enable Single Sign In toggle switch back to the off position.

    See Configure OAuth identity authentication for detailed information on configuring and managing OAuth authentication.
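
For the IdP Signature Certificate field in step 15, the following added example (not part of the original documentation, and not Okta or Incident Response code) turns a certificate copied as bare base64, or with its dashes mangled by copy and paste, into strictly wrapped PEM and computes its SHA-256 fingerprint for comparison with the certificate obtained from the IdP. The function names and the sample bytes are assumptions made for illustration; the sample is constructed and is not a real certificate.

```python
import base64
import binascii
import hashlib
import re

# BEGIN/END CERTIFICATE lines, tolerating dashes mangled into en/em dashes.
_HEADER = re.compile(r"[-\u2013\u2014]+\s*(?:BEGIN|END) CERTIFICATE\s*[-\u2013\u2014]+")


def _der_bytes(pasted: str) -> bytes:
    """Strip any header lines and whitespace, then decode the base64 body."""
    body = re.sub(r"\s+", "", _HEADER.sub("", pasted))
    if not body:
        raise ValueError("no certificate data found")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER-encoded certificate")
    return der


def normalize_idp_cert(pasted: str) -> str:
    """Return the certificate as PEM: exact header lines, 64-character body lines."""
    b64 = base64.b64encode(_der_bytes(pasted)).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]) + "\n"


def sha256_fingerprint(pasted: str) -> str:
    """Colon-separated SHA-256 fingerprint of the certificate's DER bytes."""
    digest = hashlib.sha256(_der_bytes(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: a DER SEQUENCE header plus filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(range(96))
SAMPLE_BARE = base64.b64encode(SAMPLE_DER).decode("ascii")

if __name__ == "__main__":
    pem = normalize_idp_cert(SAMPLE_BARE)
    print(pem, end="")
    print("SHA-256:", sha256_fingerprint(pem))
```

Record the fingerprint when the certificate is first added so that a later certificate change can be checked against the IdP before it is saved.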

What to do next

See Sign in to Incident Response using Single Sign-on, OAuth, or multi-factor authentication.