Configuring Neo cloud portal with Okta

Steps

  1. Sign in to the Okta portal. Click the Admin button from the top right corner. The Okta Admin Console opens.
  2. On the left navigation pane, click the Applications drop-down.
  3. From the Applications drop-down, click the Applications button. The Applications page opens.
  4. Click the Create App Integration button.
  5. On the Create a new app Integration dialog, select the SAML 2.0 radio button. Then click the Next button. The Create SAML Integration page opens.
  6. In the General Settings tab:
    1. In the App name field, enter the name Forcepoint Neo.
    2. Check the Do not display application icon to users check box.
    3. Click the Next button.
  7. Open the Neo cloud portal and navigate to Settings > Advanced > External Identity Providers.
  8. Set the toggle button to Enabled.
  9. Under STEP 1, copy the Single Sign On URL, Audience Restriction, and Tenant ID details.
  10. On the Configure SAML tab:
    1. Under the SAML Settings section:
      1. In the Single sign on URL field, enter the Single Sign On URL from the Neo cloud portal.
      2. In the Audience URI (SP Entity ID) field, enter the Audience Restriction from the Neo cloud portal.

      3. Check the Use this for Recipient URL and Destination URL checkbox.
    2. Scroll down to the Attribute Statements (optional) section:
      1. Click the Add Another button to add new rows. You can use the Add Another button to add multiple rows as required.
      2. In the Name and Value fields, enter the details from the following table:
        Table 1. Attribute Statements
        Name                                                               | Value
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email
        tenantId                                                           | Enter the Tenant ID from the Neo cloud portal.
        name                                                               | user.displayName

    3. Scroll down and click the Next button.
  11. In the Feedback tab:
    1. Click the I’m an Okta customer adding an internal app radio button.
    2. Check the This is an internal app that we have created checkbox.
    3. Click the Finish button.

    The Forcepoint Neo application is now created. After you click the Finish button, the Sign On tab of the Forcepoint Neo application page opens.

  12. Scroll down to the SAML Setup section and click the View SAML setup instructions button. The How to Configure SAML 2.0 for (the Tenant ID is displayed here) Application page opens.
  13. Scroll down and from the Optional section, copy the IDP metadata details.
  14. Navigate to Neo cloud portal > Settings > Advanced > External Identity Providers.
  15. Under STEP 2, in the IDP metadata field, enter the IDP metadata details copied from the Okta admin console.
  16. Click the Save button.
    Note: To log in to the Neo cloud portal using SAML SSO, users must be assigned to the Forcepoint Neo application in the Okta portal. Users not assigned to the Forcepoint Neo application will encounter an error while logging in.

Result

After a few minutes, the LOGIN WITH SAML SSO button appears on the Neo cloud portal sign-in page.
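
When a test login fails after this setup, the usual cause is a mismatch in one of the values entered in step 10. The following check is an added example, not Forcepoint or Okta code: it reads a base64-decoded SAML response that an administrator captured from their own test login and reports which of those settings disagree with the portal values. The function names, the sample response, and the SSO URL, audience, and tenant values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Constructed placeholders; use the values shown under STEP 1 in the portal.
SSO_URL, AUDIENCE, TENANT = "https://sp.example.invalid/acs", "urn:example:sp", "TENANT-ID-PLACEHOLDER"


def check_response(xml_text, sso_url, audience, tenant_id):
    """Return the configuration problems found in a decoded SAML response."""
    root = ET.fromstring(xml_text)
    problems = []
    # "Use this for Recipient URL and Destination URL" sets both to the SSO URL.
    if root.get("Destination") != sso_url:
        problems.append("Destination does not match the Single Sign On URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sso_url:
        problems.append("Recipient does not match the Single Sign On URL")
    # Audience URI (SP Entity ID) must equal the portal's Audience Restriction.
    found = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in found:
        problems.append("Audience does not match the Audience Restriction")
    # Index the attribute statements by Name, then check the three from Table 1.
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in (EMAIL_CLAIM, "tenantId", "name"):
        if not attrs.get(name):
            problems.append(f"missing or empty attribute: {name}")
    if attrs.get("tenantId") and attrs["tenantId"] != tenant_id:
        problems.append("tenantId does not match the portal Tenant ID")
    return problems


def sample_response(tenant=TENANT, display_name="Ada Example"):
    """Constructed, unsigned response for trying the check offline."""
    def attr(name, value):
        return f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" Destination="{SSO_URL}">'
            f'<saml:Assertion><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{SSO_URL}"/></saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
            + attr(EMAIL_CLAIM, "ada@example.invalid") + attr("tenantId", tenant) + attr("name", display_name)
            + '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
```

This check compares field values only and does not verify the response signature, so it is a troubleshooting aid for a captured response, not a substitute for the service provider's own validation.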