Setting up a SAML integration for Okta involves several steps:
Okta Initial Setup
Log in to your Okta account and navigate to the Okta Admin Console.
Click on "Applications" in the left-hand menu.
Click the "Add Application" button in the upper-right corner.
Select "Create New App" and choose the "SAML 2.0" app type.
Enter an App name ("Halo Security") and an optional logo for the new SAML application.
Click "Next" to proceed to the "Configure SAML" page.
On the "Configure SAML" page, you'll need to provide some information about Halo Security, including:
a. Single sign-on URL: The URL that Okta will redirect users to when they try to access the application.
b. Audience URI (Entity ID): The identifier for your SAML application, which the identity provider (Okta) will use to validate the request.
c. Name ID format: The format of the user identifier that will be sent from Okta to the application.
Source Attribute: user.givenname
Source Attribute: user.surname
d. Assertion consumer service (ACS) URL: The URL that Okta will send the SAML assertion to once the user is authenticated.
Configure the rest of the settings as needed, such as Application Visibility, Feedback Options, and User Consent.
Click "Next" to proceed to the "Feedback" page.
Review the settings on the Feedback page and click "Finish" to complete the setup process.
Next, you'll need to provide Halo Security with some information, including the Certificate, Issuer Entity ID, and SAML URL ID. This information can be entered on the Halo SAML Setup page.
Halo SAML Setup
To find your SAML certificate for Okta, you can follow these steps:
Log in to your Okta organization as an administrator.
Click on the "Admin" button on the top-right corner of the page.
Navigate to "Security" in the left-hand menu.
Click on "Identity Providers."
Find the Identity Provider you are using and click on its name.
Click on the "Sign On" tab.
Scroll down to the "SAML 2.0" section and click on "View Setup Instructions."
Look for the "Identity Provider Single Sign-On URL" and "Identity Provider Issuer" values on this page. They should contain links to your Base64 SAML metadata file, which will include your SAML certificate.
To find your SAML URL ID for Okta, you can follow these steps:
Log in to your Okta account.
Navigate to the "Admin" section.
Select the "Applications" tab.
Click on the name of the application for which you want to find the SAML URL ID.
Go to the "Sign On" tab.
Look for the "Identity Provider metadata" section and click on the "Identity Provider metadata" link.
A new page will open with the metadata in XML format. Look for the "entityID" attribute in the "EntityDescriptor" element. This value is your SAML URL ID.
Alternatively, you can also find the SAML URL ID by looking at the Okta URL when you access the application.
The SAML URL ID is usually part of the URL and can be identified by the "/sso/saml/" segment followed by a long string of characters.
For example, if the URL for your Okta application is "https://example.okta.com/home/app/1234567890abcdefg/sso/saml/1234567890abcdefg", then "1234567890abcdefg" is your SAML URL ID.
That's it! Once you've completed these steps, you should be able to test the SAML application by clicking the "View Setup Instructions" button on the "Sign On" tab of your new application in the Okta Admin Console.
These are the basic steps for setting up a SAML integration for Okta. For more information, consult the Okta documentation.