Setting up SAML for Okta Tool


This document provides a step-by-step guide on how to configure SAML for the Securin platform on your Okta application.


Step 1: Creating an Enterprise Application on Okta

Step 2: Setting up the Single Sign-On (SSO)

Step 3: Adding Attributes and Claims

Step 4: Adding Users to the Application

Step 5: Signing in with Single Sign-On in Securin

Prerequisites

The SSO URL and Audience URI (SP Entity ID): These details can be obtained by dropping a note to support@securin.io.


Step 1: Creating an Enterprise Application on Okta

To create an enterprise application, you need to:

  1. Log in to your Okta application.
  2. Click on Create App Integration in the Applications tab.
  3. Then, select SAML 2.0.
  4. Click Next.

Step 2: Setting up the Single Sign-On

  1. In the General Settings section, you need to enter Securin Okta as the App Name.
  2. Optionally, upload an image for the App logo.
  3. Click Next.
  4. Enter the sign-on URL. It should be in the following format: https://auth.securin.io/auth/realms/CyberSecurityWorks/broker/company-name/endpoint.
  5. Check the box next to Use this for Recipient URL and Destination URL.
  6. Add the audience URI. It should be in the following format: https://auth.securin.io/auth/realms/CyberSecurityWorks.
  7. Select Email as the Application username. This means that the usernames will be based on the employees' email addresses.


Step 3: Adding Attributes and Claims


In this step, you need to add the attribute claims that allow users and their email addresses to access the SSO feature.

  1. The value for firstName should be user.firstName, and the value for lastName should be user.lastName.

Then, select the appropriate options for your configuration.



The Okta SSO configurations are now complete.



Metadata URL
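
The check below is an added example, not Securin's or Okta's code: it compares the values entered in Steps 2 and 3 with the formats this guide gives and lists every mismatch. The dictionary keys, the example-corp tenant name and the treatment of company-name as a placeholder are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Formats quoted in Steps 2 and 3 of this guide.
REALM = "https://auth.securin.io/auth/realms/CyberSecurityWorks"
EXPECTED_ATTRS = {"firstName": "user.firstName", "lastName": "user.lastName"}


def check_saml_settings(cfg):
    """Return a list of problems in the values typed into Okta (empty = OK).

    The cfg keys are hypothetical names for this example, not Okta API fields.
    """
    problems = []
    url, realm = urlsplit(cfg.get("sso_url", "")), urlsplit(REALM)
    parts = url.path.split("/")
    prefix = realm.path.split("/") + ["broker"]
    if (url.scheme, url.netloc) != (realm.scheme, realm.netloc):
        problems.append("sso_url: must start with https://auth.securin.io")
    if url.query or url.fragment:
        problems.append("sso_url: no query string or fragment allowed")
    # Path must be <realm path>/broker/<company-name>/endpoint, nothing more.
    if (parts[:len(prefix)] != prefix or len(parts) != len(prefix) + 2
            or parts[-1] != "endpoint"):
        problems.append("sso_url: path does not match the documented format")
    elif parts[-2] in ("", "company-name"):
        # Assumption: "company-name" in the format is a placeholder.
        problems.append("sso_url: company-name placeholder not replaced")
    # A trailing slash or http:// makes the audience a different string.
    if cfg.get("audience_uri") != REALM:
        problems.append("audience_uri: must equal " + REALM)
    if not cfg.get("use_for_recipient_and_destination"):
        problems.append("recipient/destination box is not checked")
    if cfg.get("application_username") != "Email":
        problems.append("application_username: must be Email")
    for name, value in EXPECTED_ATTRS.items():
        if cfg.get("attributes", {}).get(name) != value:
            problems.append(f"attribute {name}: expected {value}")
    return problems


# Constructed sample with two mistakes: audience trailing slash, lastName typo.
SAMPLE = {
    "sso_url": REALM + "/broker/example-corp/endpoint",
    "audience_uri": REALM + "/",
    "use_for_recipient_and_destination": True,
    "application_username": "Email",
    "attributes": {"firstName": "user.firstName", "lastName": "user.lastname"},
}

if __name__ == "__main__":
    print("\n".join(check_saml_settings(SAMPLE)) or "settings match the guide")
```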


Step 4: Adding Users to the Application

Once the application is set up, you can add users who can access the single sign-on feature.


  1. In the Securin Okta Application page, click Assign Users in the left navigation pane.
  2. In the search box, type the name of the users you want to give access to and click Assign.
  3. When you're done assigning SSO for all users, click Done.


Your user setup is also complete now.


Step 5: Signing in with Single Sign-On in Securin


  1. To sign in with SSO, go to Securin's sign-in page and click on Sign-in with Single Sign On.
  2. Enter the email address with which you have set up SSO and click Continue.
  3. You will be redirected to the Okta Sign in page, where you should enter the same email address and click Next.
  4. Select a verification method.
  5. Enter the password and click Verify.
  6. Then, select the second authentication method.
  7. Enter the code and click Verify.


If you have already linked your Okta email address to the Securin application, you will see this page:

Account Actions



  1. In this case, click Add to Existing Account.


In the subsequent page, you will find the following instructions.

Instructions


  1. If you have not already received the verification code, click the first link to receive the code and verify.
  2. If your email address is already verified, click the second link.
  3. You will receive the link to verification in your email address. Click the link and follow the given steps.


Once you are done, you will be able to log in easily.


Customer Actions after Configuration


Finally, after completing the above steps, you need to send the following details to support@securin.io:

  1. A list of domains and subdomains associated with the email addresses of the users added to SAML. (For example: If your users' email addresses are user1@securin.io, user2@marketing.securin.io, or user3@sales.securin.io, please send securin.io, marketing.securin.io, and sales.securin.io). This is needed for redirecting to your SAML application and will be stored in a field of the SAML IdP on Keycloak.
  2. Metadata Details, which can be found on the page displayed right after your configuration is set up.
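
The helper below is an added example, not part of Securin's tooling: it builds the domain list for item 1 from the email addresses of the assigned users and sets aside addresses outside the domains you control, since the listed domains are used for redirecting to your SAML application. The owned_suffixes parameter and the last three sample addresses are assumptions.

```python
def domains_for_support(emails, owned_suffixes):
    """Return (domains, outliers, invalid) for the list sent to Securin support.

    owned_suffixes is a hypothetical parameter: the DNS domains your
    organization controls. Addresses outside them are returned as outliers
    so they can be reviewed before their domain is sent.
    """
    owned = [s.lower().strip(".") for s in owned_suffixes]
    domains, outliers, invalid = set(), [], []
    for raw in emails:
        addr = raw.strip().lower()
        local, at, domain = addr.rpartition("@")
        domain = domain.rstrip(".")
        if not (at and local and "." in domain and " " not in addr):
            invalid.append(raw)
            continue
        # Match on a label boundary so "notsecurin.io" is not taken
        # for a subdomain of "securin.io".
        if any(domain == s or domain.endswith("." + s) for s in owned):
            domains.add(domain)
        else:
            outliers.append(raw)
    # Parent domains first, then subdomains alphabetically.
    ordered = sorted(domains, key=lambda d: (d.count("."), d))
    return ordered, outliers, invalid


# First three addresses are the guide's own example; the rest are constructed.
SAMPLE_USERS = [
    "user1@securin.io",
    "user2@marketing.securin.io",
    "user3@sales.securin.io",
    " User4@Sales.Securin.io ",
    "contractor@example.com",
    "user5.securin.io",
]

if __name__ == "__main__":
    domains, outliers, invalid = domains_for_support(SAMPLE_USERS, ["securin.io"])
    print("send to support:", ", ".join(domains))
    print("review before sending:", outliers, "| malformed:", invalid)
```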