Okta: Configuring Forcepoint Data Security Cloud | SSE as a SAML SP

You can configure Okta to support Forcepoint Data Security Cloud | SSE as a SAML Service Provider. Administrators can use the registered application available in Okta for easy configuration.

When you add an external IdP to Forcepoint Data Security Cloud | SSE, the first IdP that is created has an Entity ID of https://sso.eu.bitglass.net. This works if you are deploying Forcepoint Data Security Cloud | SSE and Okta is the first IdP that you add. However, if you create or add a secondary IdP, its Entity ID is https://saml.eu.bitglass.net/<string>, where <string> is a randomly generated value that tells Forcepoint Data Security Cloud | SSE which tenant and email domain the assertion is valid for.

If Okta is not the first IdP that you are adding to Forcepoint Data Security Cloud | SSE, change the Audience URI (SP Entity ID) field to the https://saml.eu.bitglass.net/<string> value shown on the Forcepoint Data Security Cloud | SSE SAML Authentication page.

Note: The Forcepoint Data Security Cloud | SSE UI supports UTF-8 characters. However, the SAML assertion supports only low-ASCII characters as attribute values. If an attribute value contains characters that are not low-ASCII, SAML sign-in failures occur.
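
The following added example (not Forcepoint or Okta code) checks a captured assertion for the two failure causes described above: an Audience that does not match the SP Entity ID, and attribute values outside low-ASCII. It assumes low-ASCII means code points 0 to 127; the function name `check_assertion`, the sample assertion, and the `EXAMPLE-STRING` Entity ID suffix are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion, trimmed to the elements inspected here.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sso.eu.bitglass.net</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName">
      <saml:AttributeValue>Zo\u00eb</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>zoe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_entity_id):
    """Return a list of findings; an empty list means both checks passed.

    Troubleshooting aid only: it does not verify the assertion signature.
    """
    root = ET.fromstring(xml_text)
    findings = []

    # The Audience must equal the Entity ID shown for this IdP on the SP side.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_entity_id not in audiences:
        findings.append(f"audience mismatch: got {audiences}, expected {expected_entity_id}")

    # Assumption: "low-ASCII" means code points 0-127.
    for attr in root.iterfind(".//saml:Attribute", NS):
        for value in attr.iterfind("saml:AttributeValue", NS):
            bad = sorted({ch for ch in (value.text or "") if ord(ch) > 127})
            if bad:
                findings.append(f"non-ASCII in attribute {attr.get('Name')}: {''.join(bad)}")
    return findings


if __name__ == "__main__":
    # Placeholder Entity ID for a secondary IdP; the real <string> is tenant-specific.
    for finding in check_assertion(SAMPLE_ASSERTION, "https://saml.eu.bitglass.net/EXAMPLE-STRING"):
        print(finding)
```
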