Configuring SAML SSO with Okta
Steps
- Sign into the Okta portal. Click the Admin button from the top right corner. The Okta Admin Console opens.
- On the left navigation pane, click the Applications drop-down.
- From the Applications drop-down, click the Applications button. The Applications page opens.
- Click the Create App Integration button.
- On the Create a new app Integration dialog, select the SAML 2.0 radio button. Then click the Next button. The Create SAML Integration page opens.
-
In the General Settings tab:
- In the App name field, enter the name Forcepoint ONE Data Security.
- Check the Do not display application icon to users check box.
- Click the Next button.
- Open the Forcepoint ONE Data Security portal and navigate to Settings > Advanced > External Identity Providers.
- Set the toggle button to Enabled.
- Under the STEP 1, you can copy the Single Sign On URL, Audience Restriction, and Tenant ID details.
-
On the Configure SAML tab in Okta portal:
-
Under the SAML Settings section:
- In the Single sign on URL field, enter the Single Sign On URL copied from step 9.
- In the Audience URI (SP Entity ID) field, enter the Audience Restriction copied from step 9.
- Check the Use this for Recipient URL and Destination URL checkbox.
-
Scroll down for the Attribute Statements (optional) section:
- Click the Add Another button to add new rows. You can use the Add Another button to add multiple rows as required.
- In the Name and Value fields, enter the details in the below table as shown in the following image:
Table 1. Attribute Statements Name Value http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress user.email tenantId Enter the Tenant ID from Step9. name user.displayName
- Scroll down and click the Next button.
-
Under the SAML Settings section:
-
In the Feedback tab:
- Click the I’m an Okta customer adding an internal app radio button.
- Check the This is an internal app that we have created checkbox.
- Click the Finish button.
After clicking the Finish button, under the Forcepoint ONE Data Security application page, the Sign On tab opens.
- Scroll down for the SAML Setup section, click the View SAML setup instructions button. The How to Configure SAML 2.0 for (the Tenant ID is displayed here) Application page opens.
- Scroll down and from the Optional section, copy the IDP metadata details.
- Navigate to Settings > Advanced > External Identity Providers on Forcepoint ONE Data Security portal.
- Under STEP 2, in the IDP metadata field, enter the copied IDP metadata details from the Okta admin console.
-
Click the Save button.
Note: To log in to the Forcepoint ONE Data Security portal using SAML SSO, users must be assigned to the Forcepoint ONE Data Security application in the Okta portal. Users not assigned to the Forcepoint ONE Data Security application will encounter an error while logging in.