Okta: Configuring Forcepoint Data Security Cloud | SSE as a SAML SP

You can configure Okta to support Forcepoint Data Security Cloud | SSE as a SAML Service Provider. Administrators can use the registered application available in Okta for easy configuration.

Forcepoint Data Security Cloud | SSE provides a predefined app within Okta for quick setup. However, use the predefined app only if Okta is the first IdP that you are adding to Forcepoint Data Security Cloud | SSE and you do not intend to customize SAML parameters or add custom SAML attributes.

When adding an external IdP to Forcepoint Data Security Cloud | SSE, the first IdP that is created has an Entity ID of https://sso.bitglass.com. This works if you are deploying Forcepoint Data Security Cloud | SSE and Okta is the first IdP that you add. However, if you create or add a secondary IdP to Forcepoint Data Security Cloud | SSE, its Entity ID is https://saml.bitglass.com/<string>, where <string> is a randomly generated value that tells Forcepoint Data Security Cloud | SSE which tenant and email domain the assertion is valid for. The Forcepoint Data Security Cloud | SSE default app inside Okta does not allow you to change the Entity ID, which is fixed at https://sso.bitglass.com.

If Okta is not the first IdP that you are adding to Forcepoint Data Security Cloud | SSE, you must change the Audience URI (SP Entity ID) field in Okta to the https://saml.bitglass.com/<string> value shown on the Forcepoint Data Security Cloud | SSE SAML Authentication page.

Note: The Forcepoint Data Security Cloud | SSE UI supports UTF-8 characters. However, the SAML assertion only supports low-ASCII characters as attribute values. If an attribute value contains characters that are not low-ASCII, SAML sign-in failures occur.
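As an added troubleshooting example, not part of the Forcepoint or Okta documentation, the following Python check reads a SAML assertion and flags the two misconfigurations described above: an Audience that does not match the SP Entity ID configured in Okta, and attribute values outside low-ASCII. The tenant string, issuer and attribute names are constructed placeholders, and "low-ASCII" is assumed here to mean code points below 128.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Entity IDs as described above: the first IdP added to the tenant uses the
# fixed value, any later IdP uses a per-tenant randomly generated suffix.
FIRST_IDP_ENTITY_ID = "https://sso.bitglass.com"
SECONDARY_ENTITY_ID_RE = re.compile(r"^https://saml\.bitglass\.com/[^/\s]+$")


def check_assertion(assertion_xml: str, expected_entity_id: str) -> List[str]:
    """Return the problems found in a SAML assertion; an empty list means it passes."""
    problems = []
    if expected_entity_id != FIRST_IDP_ENTITY_ID and not SECONDARY_ENTITY_ID_RE.match(expected_entity_id):
        problems.append(f"unexpected SP Entity ID form: {expected_entity_id!r}")
    root = ET.fromstring(assertion_xml)
    # The Audience the IdP asserts must equal the Audience URI (SP Entity ID) set in Okta.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", SAML_NS) if a.text]
    if expected_entity_id not in audiences:
        problems.append(f"audience mismatch: assertion has {audiences}, SP expects {expected_entity_id!r}")
    # Attribute values must be low-ASCII (assumed here to mean code points below 128).
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            text = value.text or ""
            if not text.isascii():
                problems.append(f"attribute {attr.get('Name')!r} has non-ASCII value {text!r}")
    return problems


def sample_assertion(audience: str, display_name: str) -> str:
    """Constructed, unsigned sample assertion used only to exercise the checks."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">
  <saml:Issuer>http://www.okta.com/EXAMPLE-ISSUER</saml:Issuer>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayName"><saml:AttributeValue>{display_name}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


if __name__ == "__main__":
    # First IdP with plain-ASCII attributes: no problems.
    print(check_assertion(sample_assertion(FIRST_IDP_ENTITY_ID, "Ada Lovelace"), FIRST_IDP_ENTITY_ID))
    # Okta added as a secondary IdP but still sending the default app's Entity ID, plus a UTF-8 name: two problems.
    secondary = "https://saml.bitglass.com/EXAMPLE-TENANT-STRING"
    print(check_assertion(sample_assertion(FIRST_IDP_ENTITY_ID, "Jörg Müller"), secondary))
```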