Configuring SAML SSO with Okta
Steps
1. Sign in to the Okta portal and click Admin in the top right corner. The Okta Admin Console opens.
2. In the left navigation pane, expand the Applications drop-down and click Applications. The Applications page opens.
3. Click Create App Integration.
4. In the Create a new app integration dialog, select the SAML 2.0 radio button and click Next. The Create SAML Integration page opens.
5. On the General Settings tab:
   - In the App name field, enter Forcepoint Data Security Cloud | DLP.
   - Select the Do not display application icon to users check box.
6. Click Next. Keep this Okta tab open; the Okta configuration continues on the Configure SAML tab in step 10.
7. In another browser tab, open the Forcepoint Data Security Cloud | DLP portal and navigate to Settings > Advanced > External Identity Providers.
8. Set the toggle button to Enabled.
9. Under STEP 1, copy the Single Sign On URL, the Audience Restriction, and the Tenant ID. All three values are entered into Okta in step 10.
10. Back in the Okta portal, on the Configure SAML tab:
   - Under the SAML Settings section:
     - In the Single sign on URL field, enter the Single Sign On URL copied in step 9.
     - In the Audience URI (SP Entity ID) field, enter the Audience Restriction copied in step 9.
     - Select the Use this for Recipient URL and Destination URL check box.
   - Scroll down to the Attribute Statements (optional) section:
     - Click Add Another to add a row. Repeat until there is one row for each attribute in Table 1.
     - In the Name and Value fields, enter the values from Table 1. Enter each Name exactly as shown, including its case, because Forcepoint looks up the attributes in the assertion by these names.

       Table 1. Attribute Statements
       Name                                                                 Value
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress   user.email
       tenantId                                                             The Tenant ID copied in step 9
       name                                                                 user.displayName

   - Scroll down and click Next.
11. On the Feedback tab:
   - Select the I'm an Okta customer adding an internal app radio button.
   - Select the This is an internal app that we have created check box.
12. Click Finish. The Sign On tab of the Forcepoint Data Security Cloud | DLP application page opens.
13. Scroll down to the SAML Setup section and click View SAML setup instructions. The How to Configure SAML 2.0 for ... Application page opens; the Tenant ID is displayed in the page title.
14. Scroll down to the Optional section and copy the IDP metadata (an XML document).
15. In the Forcepoint Data Security Cloud | DLP portal, navigate to Settings > Advanced > External Identity Providers.
16. Under STEP 2, paste the IDP metadata copied from the Okta Admin Console into the IDP metadata field.
17. Click Save.
Note: To log in to the Forcepoint Data Security Cloud | DLP portal using SAML SSO, users must be assigned to the Forcepoint Data Security Cloud | DLP application in the Okta portal. Users not assigned to the Forcepoint Data Security Cloud | DLP application will encounter an error while logging in.
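The following script is an added pre-flight check written for this page; it is not Forcepoint or Okta code. It parses the IDP metadata XML that Okta shows in step 14 and a decoded SAML assertion captured from a browser login, and reports whether the assertion's Audience equals the Audience Restriction from step 9, whether the three attribute names from Table 1 are present, whether tenantId carries the expected Tenant ID, and whether the assertion Issuer equals the entityID of the metadata that was pasted in step 16. The sample metadata, assertion, URLs, Tenant ID and certificate are constructed placeholders. The script does not validate the XML signature; the Forcepoint service provider does that on every login. Its purpose is to catch the configuration errors this procedure is prone to (a mis-typed attribute name, the wrong Audience URI, SP metadata pasted where IdP metadata belongs) before they surface as a failed login.

```python
"""Pre-flight checks for the Okta -> Forcepoint DLP SAML setup (added example, not product code).
Every XML sample, URL, ID and certificate below is a constructed placeholder."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Attribute names from Table 1; the service provider matches them as exact strings.
REQUIRED_ATTRIBUTES = (
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "tenantId",
    "name",
)

# Placeholders for the Audience Restriction and Tenant ID copied in step 9 (constructed).
EXPECTED_AUDIENCE = "https://dlp.example.invalid/saml/sp"
EXPECTED_TENANT_ID = "TENANT-0000-EXAMPLE"

# Constructed stand-in for the IDP metadata shown under "Optional" in step 14.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/exkEXAMPLE">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIICxjCCAa6gAwIBAgIGAXk=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed assertion, as it would look after base64-decoding a SAMLResponse from a login.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="id-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
 <saml2:Issuer>http://www.okta.com/exkEXAMPLE</saml2:Issuer>
 <saml2:Conditions><saml2:AudienceRestriction>
  <saml2:Audience>https://dlp.example.invalid/saml/sp</saml2:Audience>
 </saml2:AudienceRestriction></saml2:Conditions>
 <saml2:AttributeStatement>
  <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
   <saml2:AttributeValue>alice@example.invalid</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="tenantId"><saml2:AttributeValue>TENANT-0000-EXAMPLE</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="name"><saml2:AttributeValue>Alice Example</saml2:AttributeValue></saml2:Attribute>
 </saml2:AttributeStatement></saml2:Assertion>"""


def check_idp_metadata(metadata_xml: str) -> dict:
    """Extract entityID, SSO endpoints and signing-certificate status from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata (SP metadata pasted?)")
    endpoints = [(s.get("Binding"), s.get("Location")) for s in idp.findall("md:SingleSignOnService", NS)]
    cert_ok = False
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' is valid for signing
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            cert_ok |= der[:1] == b"\x30"  # DER SEQUENCE tag: the blob is shaped like an X.509 cert
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints, "signing_cert_ok": cert_ok}


def check_assertion(assertion_xml: str, audience: str, tenant_id: str) -> dict:
    """Check AudienceRestriction and the attribute statements of a decoded SAML assertion."""
    root = ET.fromstring(assertion_xml)
    assertion = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")
    audiences = [a.text for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values[0] if len(values) == 1 else values
    return {
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "audience_ok": audience in audiences,
        "missing_attributes": [n for n in REQUIRED_ATTRIBUTES if n not in attrs],
        "tenant_ok": attrs.get("tenantId") == tenant_id,
        "attributes": attrs,
    }


def run_checks(metadata_xml: str = SAMPLE_IDP_METADATA, assertion_xml: str = SAMPLE_ASSERTION) -> dict:
    """Run both checks; the assertion Issuer must equal the entityID of the pasted metadata."""
    meta = check_idp_metadata(metadata_xml)
    result = check_assertion(assertion_xml, EXPECTED_AUDIENCE, EXPECTED_TENANT_ID)
    result["issuer_matches_metadata"] = result["issuer"] == meta["entity_id"]
    result["metadata"] = meta
    return result


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

To use it against a real tenant, replace the two EXPECTED_ constants with the values from step 9, SAMPLE_IDP_METADATA with the XML from step 14, and SAMPLE_ASSERTION with an assertion decoded from a test login. A non-empty missing_attributes list or audience_ok false means a value in step 10 was entered incorrectly; a ValueError from check_idp_metadata means the wrong metadata document was copied.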