
Okta Single Sign-On integration with SAML

Okta is an identity and access management platform. Its Single Sign-On (SSO) solution allows users to log into a variety of systems using one centralized process.

This document explains how to configure Okta and Invicti Platform for Single Sign-On.

Configure Okta with SAML

There are two steps in this process:

Step 1: Add an application to Okta

  1. Navigate to Okta's Admin Console, then select Applications > Applications from the left-side menu.
  2. Click Create App Integration.
  3. From the Create a new app integration dialog, select SAML 2.0. Then click Next.
     [Figure: Creating SAML 2.0 app integration in Okta]
  4. On the Create SAML Integration page, enter a name in the App name field. Invicti is used for this example.
  5. Select Next.
  6. In a new browser tab, log in to Invicti Platform and select Settings > Security & access control > SSO & Provisioning.
  7. Turn on the Enable SSO toggle.
  8. Select Okta from the SSO Provider drop-down list.
  9. Copy the SAML 2.0 Service URL and paste the URL into Okta's Single Sign-on URL field.
  10. Return to the Invicti browser tab and copy the Identifier URL. Paste it into Okta's Audience URI (SP Entity ID) field.
      [Figure: Okta SSO integration in Invicti Platform]
  11. In the Okta tab, add a FirstName field under Attribute Statements and select the user.firstName value from the drop-down.
      [Figure: Configuration of attribute statements in Okta]
  12. Click Next to view the Feedback tab.
  13. Click Finish. The Invicti application's details appear.
  14. In the Sign On tab, click View SAML setup instructions. Okta opens a new browser tab.
  15. From the new tab, copy the URL from the Identity Provider Issuer and paste the URL into Invicti's IdP Identifier field.
  16. In the Okta tab, copy the URL from the Identity Provider Single Sign-On URL and paste it into Invicti's SAML 2.0 Endpoint field.
  17. In the Okta tab, copy the content from the X.509 Certificate field. Then switch to the Invicti tab and paste it into the X.509 Certificate field.
      [Figure: Configuration of SAML 2.0 Endpoint, IdP Identifier, X.509 Certificate in Invicti]
  18. In Invicti, select the checkboxes for signed assertions, encrypted assertions, or sign requests as needed.
      [Figure: Additional security options in Invicti Platform including assertions and sign requests]

Warning: Selecting Require encrypted assertions requires applying additional settings in Okta. For instructions, refer to Configure encrypted assertions in Okta.

  19. If you enable any assertions or requests, a new section appears where you can Generate a new certificate or upload an existing one.
      [Figure: Setup of additional security certificate in Invicti Platform]
  20. Use Invicti's SSO Exemptions drop-down to select users who can log in to Invicti via password.
      [Figure: SSO Exemptions dropdown in Invicti Platform]
  21. Click Save.

Configure encrypted assertions in Okta

  1. From Okta's main menu, go to Applications > Invicti.
  2. Select the General tab and scroll to the SAML Settings section. Click Edit.
  3. Click Next, then Show Advanced Settings.
  4. Use the drop-down next to Assertion Encryption to select Encrypted.
  5. Click Browse Files next to Encryption Certificate and upload your Invicti certificate.
     [Figure: Configuring assertion encryption in Okta]

Step 2: Add users to the application in Okta

  1. Select Directory > People from the left-side menu in Okta.
  2. Click the Add Person button to open a form.
  3. Fill out the form.
  4. Click Save.
  5. Select Applications > Applications from the left-side menu.
  6. Select Invicti from the list.
  7. In the Assignments tab, click Assign > Assign to People.
  8. From the Assign Invicti to People dialog, select Assign next to the person you want to add.
  9. Select Save and Go Back.
  10. Click Done.

Your assigned users can now log in to Invicti via Okta.
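
To confirm that the values copied between the two consoles in Step 1 actually line up, the following added example (not part of the Invicti or Okta documentation) checks a base64-encoded SAMLResponse against the configured Service URL, Identifier URL, IdP Issuer and the FirstName attribute statement. The function names, the `EXPECTED` URLs and the sample response are constructed placeholders; substitute the values shown in your own tenant.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders for the values copied between the two consoles.
EXPECTED = {
    "issuer": "http://idp.example/issuer",        # Okta: Identity Provider Issuer
    "audience": "https://sp.example/identifier",  # Invicti: Identifier URL
    "destination": "https://sp.example/acs",      # Invicti: SAML 2.0 Service URL
}

def check_response(b64_response, expected, require_signed=False):
    """List mismatches between a SAMLResponse and the configured values.
    Structural check only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != expected["destination"]:
        problems.append("Destination != SAML 2.0 Service URL")
    if root.find("a:EncryptedAssertion", NS) is not None:
        # Inner fields are unreadable without the service provider's private key.
        return problems + ["assertion encrypted; inner fields not checked"]
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    if assertion.findtext("a:Issuer", "", NS).strip() != expected["issuer"]:
        problems.append("Issuer != IdP Identifier")
    audiences = [(e.text or "").strip() for e in assertion.iterfind(".//a:Audience", NS)]
    if expected["audience"] not in audiences:
        problems.append("Audience != Identifier URL")
    attrs = {e.get("Name") for e in assertion.iterfind(".//a:Attribute", NS)}
    if "FirstName" not in attrs:
        problems.append("FirstName attribute statement missing")
    if require_signed and assertion.find("ds:Signature", NS) is None:
        problems.append("assertion not signed")
    return problems

def build_sample(audience, first_name_attr=True):
    """Constructed, unsigned SAMLResponse (base64) used as sample input."""
    attr = ('<a:AttributeStatement><a:Attribute Name="FirstName"/>'
            '</a:AttributeStatement>') if first_name_attr else ""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
           f'Destination="{EXPECTED["destination"]}"><a:Assertion>'
           f'<a:Issuer>{EXPECTED["issuer"]}</a:Issuer><a:Conditions>'
           f'<a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
           f'</a:AudienceRestriction></a:Conditions>{attr}</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode())
```

This is a configuration sanity check for responses from your own identity provider; cryptographic validation of the signature against the pasted X.509 certificate remains the service provider's job.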

Info: To learn more about the Single Sign-On fields, refer to the Single Sign-On configuration document.

