Configuring Okta SSO with SAML 2.0 protocol

Forcepoint Security Manager supports Single Sign-On (SSO) via the SAML 2.0 protocol and is certified for the Okta identity provider. This lets users log in to the Forcepoint Security Provider using SSO.

Complete the following steps to configure Okta with SAML 2.0 protocol.

Steps

  1. Sign into the Okta portal using the Okta account.
  2. On the left navigation pane, click the Applications drop-down.
  3. From the Applications drop-down, click Applications.

    The Applications page opens.

  4. Click the Create App Integration button.
  5. On the Create a new app Integration dialog, select the SAML 2.0 option, and then click the Next button.

    The Create SAML Integration page opens.

  6. In the General Settings tab:
    1. In the App name field, enter the name of the application, for example Forcepoint Security Manager.
    2. (Optional) Add the logo to the App logo box.

      Click here to download Forcepoint Security Manager logo

    3. Click the Next button.
  7. Open Forcepoint Security Manager and navigate to Global Settings > General > Single Sign-On.

    On the Single Sign-On page:

    1. Enable the SSO feature by selecting the Enable Single Sign-on with SAML 2.0 protocol checkbox.
  8. Go back to the Create SAML Integration page.
    Under the SAML Settings section:
    1. Enter the Single sign on URL and Audience URI (SP Entity ID).
    2. Check the Use this for Recipient URL and Destination URL checkbox.
    3. Select Email from the drop-down as the Application username.
  9. Navigate to the Attribute Statements (optional) section:
    1. Add 'Email' for Name and 'user.email' for Value.
    2. Click the Next button.
  10. Click Finish to save the details.
  11. Go to Directory, and then click People.
  12. Select the user from the Person & Username list.
  13. Click Assign Applications on the Application tab.
    The Assign Applications window opens.
  14. Click the Assign button to assign the application, and then click Done.
  15. In Assignments tab:
    Note: To log in to the Forcepoint Security Manager using SAML SSO, users must be assigned to the Forcepoint Security Manager application in the Okta portal.
  16. Navigate to the Forcepoint Security Manager application in Okta and go to Settings:
    1. Scroll down to the SAML Setup section and click the View SAML setup instructions button.

      The How to Configure SAML 2.0 for Forcepoint Security Manager Application page opens.

  17. Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate from Okta.
  18. Open Forcepoint Security Manager and navigate to Global Settings > General > Single Sign-On.
    On the Single Sign-On page:
    1. In the Identity Provider Configuration section, enter the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate copied in the previous step.
  19. Go to Forcepoint Security Manager.
    On the Administrators page:
    1. Add a new user with the Okta user email address.

      Forcepoint Security Manager can now be accessed with SSO.

  20. In Okta, navigate to My settings > Open link in new tab.
    1. Go to My Apps. A new application, Forcepoint Security Manager, is available.

      By using this Forcepoint Security Manager application in Okta, the user can log in to the Forcepoint Security Manager using SSO.

      When the user clicks the newly added Forcepoint Security Manager application, the system redirects the user to the Forcepoint Security Manager portal from the Okta account.
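The following sanity check is an added example, not Forcepoint or Okta code: it compares a decoded SAML response from a test login against the values entered in steps 8, 9 and 17 (Destination and Recipient equal to the Single sign on URL, Audience equal to the SP Entity ID, the Identity Provider Issuer, and the Email attribute). All URLs, the issuer string and the sample response are constructed placeholders; the script checks field consistency only and does not validate the signature against the X.509 certificate.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed placeholder values (assumptions), not real Forcepoint or Okta endpoints.
EXPECTED = {
    "sso_url": "https://fsm.example.test/sso/acs",        # Single sign on URL
    "audience": "https://fsm.example.test/sso/metadata",  # Audience URI (SP Entity ID)
    "issuer": "http://www.okta.com/EXAMPLEISSUER",        # Identity Provider Issuer
}
# Constructed, unsigned sample response (signature and timestamps omitted).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://fsm.example.test/sso/acs">
 <a:Assertion>
  <a:Issuer>http://www.okta.com/EXAMPLEISSUER</a:Issuer>
  <a:Subject><a:NameID>admin@example.test</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData
     Recipient="https://fsm.example.test/sso/acs"/></a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://fsm.example.test/sso/metadata</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="Email">
   <a:AttributeValue>admin@example.test</a:AttributeValue>
  </a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""


def check_response(xml_text, expected):
    """Return a list of mismatches between a decoded SAML response and the configured values."""
    root = ET.fromstring(xml_text)
    def text(path):
        return (root.findtext(path, default="", namespaces=NS) or "").strip()
    scd = root.find(".//a:SubjectConfirmationData", NS)
    found = {  # field name -> (value in the response, value configured in the procedure)
        "Destination": (root.get("Destination", ""), expected["sso_url"]),
        "Recipient": (scd.get("Recipient", "") if scd is not None else "", expected["sso_url"]),
        "Audience": (text(".//a:Audience"), expected["audience"]),
        "Issuer": (text("a:Assertion/a:Issuer"), expected["issuer"]),
    }
    problems = [f"{k}: got {got!r}, expected {want!r}" for k, (got, want) in found.items() if got != want]
    email = text(".//a:Attribute[@Name='Email']/a:AttributeValue")
    if "@" not in email:  # step 9 maps the 'Email' attribute to user.email
        problems.append("Email attribute statement missing or empty")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE, EXPECTED) or "response matches configured values")
```

An empty result means the response fields agree with the configured values; each returned string names one field to recheck in the Okta SAML Settings or on the Single Sign-On page.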