Online Help

SafeNet Trusted Access for Okta

Overview

Configuring SafeNet Trusted Access for Okta is a three-step process:

1. Okta setup

2. SafeNet Trusted Access setup

3. Verify Authentication

Okta Setup

As a prerequisite, download the Identity Provider signing certificate from the SafeNet Trusted Access console by clicking the Download X.509 certificate button. You will need this certificate in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Okta:

1. Log in to Okta as an administrator using the https://<Domain name>.oktapreview.com/login/login.htm URL.

Here, <Domain name> is the domain name registered with Okta.

For example, https://example.oktapreview.com/login/login.htm

2. On the Okta Developer Edition window, click Admin. You will be redirected to the admin console.

3. On the admin console, in the top right-hand corner, click Developer Console, and switch to Classic UI.

4. Click the Security tab and click Identity Providers.

5. On the Identity Providers window, click Add Identity Provider > Add SAML 2.0 IdP.

6. On the Add Identity Provider window, complete the following fields.

a. In the Name field, enter a company name (for example, SFNT).

b. In the IdP Username field, select idpuser.subjectNameId.

c. In the Match against field, select Email.

d. In the If no match is found field, select the Redirect to Okta sign-in page option.

e. In the IdP Issuer URI field, enter the ISSUER/ENTITY ID URL that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the ISSUER/ENTITY ID field.

f. In the IdP Single Sign-On URL field, enter the SINGLESIGNONSERVICE URL that is provided on the SafeNet Trusted Access console.

You can copy this URL by clicking the Copy to Clipboard icon available next to the SINGLESIGNONSERVICE field.

g. In the IdP Signature Certificate field, click Browse to search and select the identity provider signing certificate that you downloaded earlier from the STA console.

5. Click Show Advanced Settings and ensure the following:

a. Request Binding is selected as HTTP-POST.

b. In the Request Signature field, the Sign SAML Authentication Requests checkbox is selected.

c. Request Signature Algorithm is selected as SHA-256.

d. Response Signature Verification is selected as Response or Assertion.

e. Response Signature Algorithm is selected as SHA-256.

7. Click Add Identity Provider.

8. On the Identity Providers window, search for the identity provider (for example, SFNT) and click the icon to get the Okta Service Provider information.

9. In the SAML metadata field, click Download metadata. The Okta metadata is downloaded to your desktop. Save it on your local machine with the .xml extension (for example, metadata.xml).

10. To set the SFNT identity provider as the default identity provider, on the Identity Providers window, click the Routing Rules tab.

11. Click Add Routing Rule.

12. On the Add Rule window, perform the following steps:

a. In the Rule Name field, enter a rule name (for example, SFNT Rule).

b. Select values as per your preferred configuration in the following fields:

User's IP is

User's device platform is

User is accessing

User matches

c. In the Use this identity provider field, select SFNT.

d. Click Create Rule.

13. A message to activate the rule (for example, SFNT Rule) is displayed. Click Activate.
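
The metadata file saved in step 9 can be checked before it is uploaded to SafeNet Trusted Access. The following is an added example, not part of the vendor documentation: it confirms that the file advertises signed authentication requests, carries a signing certificate, and exposes an HTTP-POST assertion consumer endpoint over HTTPS on the expected Okta domain. The sample metadata, the function name check_sp_metadata and all placeholder values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of a service provider metadata file; the entity ID,
# URLs and certificate body are placeholders, not values from a real tenant.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example/PLACEHOLDER">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.oktapreview.com/sso/saml2/PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp_metadata(xml_text, expected_host):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor: this is not service provider metadata"]
    findings = []
    # Sign SAML Authentication Requests is enabled in the advanced settings,
    # so the metadata should advertise it and include the signing certificate.
    if sp.get("AuthnRequestsSigned", "false").lower() != "true":
        findings.append("AuthnRequestsSigned is not true")
    cert = sp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        findings.append("no signing certificate in metadata")
    post_acs = [a for a in sp.findall("md:AssertionConsumerService", NS)
                if a.get("Binding") == HTTP_POST]
    if not post_acs:
        findings.append("no HTTP-POST AssertionConsumerService endpoint")
    for acs in post_acs:
        url = urlparse(acs.get("Location", ""))
        if url.scheme != "https" or url.hostname != expected_host:
            findings.append(f"untrusted ACS URL: {acs.get('Location')}")
    return findings
```

To check the real file, pass the contents of metadata.xml and your own Okta domain as the expected host.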

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Okta, the second step is to activate the Okta application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Okta application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Okta) and proceed to the next step.

2. Under STA Setup, click Upload Okta Metadata.

3. On the Metadata Upload window, click Browse to search and select the Okta metadata that you downloaded in step 9 of Okta Setup.

In the Account Details section, the service provider metadata information is displayed.

4. Click Save Configuration to save the details and activate the Okta application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Okta login URL, for example, https://<Domain name>.oktapreview.com.

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Okta application after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Okta application icon. You should be successfully logged in to the Okta application after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks held by their respective owners.