Skip to main content
Sign in

SAML SSO Setup: Okta

Jason Bratcher
  • Updated

You can set up SSO on the SSO Settings page for both the Portal and the School, but you will need to create two separate applications on your IDP (this is due to needing to use different URLs). The top section are Portal settings that you will paste into your IDP and the bottom section are settings that you will get from your IDP.

First, log in to Portal and go to Administration > Integration Store and click on the "Setup" button for Okta.

CaptureSSOSettings1.jpg

From the Okta Admin portal, go to the Applications tab and click the green "Add Application" button.

Next, click the green "Create New App" button.

  1. Select "Web" from the Platform dropdown menu.
  2. Select the SAML 2.0 radio button.
  3. Click the green "Create" button.

Step 1: General Settings

Give your app a name and upload a logo of your choice. Then click on the green "Next" button.

OktaStep1.jpg

Step 2: Configure SAML

Portal SP Settings you plugin into your IDP:

  • ACS (Consumer) URL -> Single sign on URL
  • EntityId -> Audience URI (SP Entity ID)
  • Your Whitelabeled URL -> Default Relay
  • Select "emailAddress" -> Name ID format
  • Select "email" -> Application username

OktaStep2.jpg

Single Log Out (optional)

If you wish to use Single Logout (SLO) with PhishingBox, click the 'Show Advanced Settings' link in the Okta application's SAML Settings form. This will expose Okta's SLO settings.

single-log-out.PNG

Click the 'Allow application to initiate Single Logout' checkbox. Then, copy the Single Logout URL from PhishingBox and paste it into the Single Logout URL field in the SAML Settings form. The 'SP Issuer' in Okta will be the same as the 'Audience URI (SP Entity ID)', or Entity ID.  Download the Signature Certificate from the PhishingBox Okta setup form by clicking the 'Download Certificate' link.

download-cert.PNG

Upload the certificate to the Okta application in the 'Signature Certificate' field. Be sure to click the 'Upload Certificate' button after you have selected the file. The file will be named 'sp.crt'.

  • NOTE: Some browsers may give warnings when downloading .crt files.
  • NOTE: Okta only accepts logout requests from service providers. Okta will never send logout requests to service providers. I.e., logging out of PhishingBox will log the user out of Okta, but not vice versa.

Step 3: Feedback

Select the "I'm an Okta customer adding an internal app" radio option.

OktaStep3.jpg

Step 4: Feedback

Your IDP settings you plugin into Portal SP:

Click on the "View Setup Instructions" button to get the settings to enter in Portal.

  • x.509 Certificate -> x.509 Certificate
  • Identity Provider Issuer -> Issuer URL
  • Leave the SLO Endpoint URL field blank
  • Identity Provider Single Sign-On URL -> ACS Endpoint URL

To navigate to the Portal SSO Settings for Okta, go to Administration > Integration Store and click on the Setup button for Okta.

OktaStep5.jpg

Comments

0 comments

Please sign in to leave a comment.