Posture Control (DSPM)
Configuring Okta as an IdP
This article provides information on how to configure Okta as an identity provider (IdP) for single sign-on (SSO).
Prerequisites
Ensure you have an Okta account with admin privileges.
Configuring Okta
To configure Okta as an IdP for SSO:
1. Download the XML metadata from the DSPM Admin Portal.
- Go to Administration > Single Sign On.
- Click Add IdP Configuration.
- Click Download XML Metadata.
The XML Metadata contains the following information, which you need to provide while configuring Okta:
- Name Identifier Format: DSPM only supports email address as the Name ID format.
- Entity ID: A unique identifier for a SAML entity.
- Assertion Consumer Service (ACS) URL: The DSPM destination URL to which the IdP must send the SAML response.
2. Configure Okta for SSO.
- Log in to the Okta portal as an administrator.
- Go to Applications > Applications.
- Click Create App Integration.
- In the Create a new app integration window, select SAML 2.0, and click Next.
- In the General Settings tab, enter your App Name, and click Next.
- For Single sign-on URL, enter the AssertionConsumerService location URL provided in the XML Metadata that you downloaded from the DSPM Admin Portal.
- Select the Use this for Recipient URL and Destination URL checkbox.
- For Audience URI (SP Entity ID), enter the entityID provided in the XML Metadata that you downloaded from the DSPM Admin Portal.
- From the Name ID format drop-down menu, select EmailAddress.
- Click Next.
- Select I'm an Okta customer adding an internal app, then click Finish.
- On the Sign On tab, under SAML 2.0, click More details. Copy and save the Sign on URL and Issuer because you need them when adding the IdP in the DSPM Admin Portal.
- Under Signing Certificate, click Download to download the IdP certificate.
3. Add the Okta IdP in the DSPM Admin Portal.
- Add the Okta IdP configuration for the tenant.
- You can add only a single IdP configuration for one tenant.
4. Assign users or groups via Okta.
- Log in to the Okta portal as an administrator.
- Go to Applications > Applications.
- Select the application that you created when configuring Okta for SSO.
- Click Assignments.
- Select Assign > Assign to People or Assign to Groups, depending on whether you want to assign access to a single user or to a group of users.
- In the window that appears, click Assign for the user or group you want to select, then click Done.
- Repeat the previous step for all users and groups you want to assign to DSPM.
5. Configure group attributes in Okta.
- Log in to the Okta portal as an administrator.
- Go to Applications > Applications.
- Select the application that you created when configuring Okta for SSO.
- Select the General tab, scroll down to the SAML Settings section, and click Edit.
- On the General Settings page, click Next.
- On the Configure SAML page, under Group Attribute Statements (optional), fill in the following:
- Name: Enter http://schemas.xmlsoap.org/claims/Group.
- Name Format: Select URI Reference from the drop-down menu.
- Filter: Select the required matching rule (Starts with, Equals, Contains, or Matches Regex) from the drop-down menu and enter the value to match. Okta groups whose names match this filter are added to the SAML assertion.
- Click Next, and then click Finish.
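As an added example, not code from the product or from Okta: a Python check that maps the SP metadata downloaded in step 1 onto the Okta fields named in step 2, then verifies that an assertion carries the emailAddress Name ID, the expected audience, and the group attribute configured in step 5. The XML samples, hostnames and group names are constructed for the example.

```python
import xml.etree.ElementTree as ET
# Namespace prefixes for SAML 2.0 metadata and assertions.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed stand-in for the XML metadata downloaded in step 1 (hypothetical URLs).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://dspm.example.invalid/saml/metadata"><md:SPSSODescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:AssertionConsumerService Location="https://dspm.example.invalid/saml/acs" index="0"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""

# Constructed, unsigned assertion shaped like Okta's output after step 5 (signature omitted).
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    >alice@example.invalid</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>
    https://dspm.example.invalid/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue>dspm-admins</saml:AttributeValue>
    <saml:AttributeValue>dspm-readers</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement></saml:Assertion>"""

def okta_settings_from_metadata(xml_text):
    """Map the SP metadata onto the Okta SAML settings fields named in step 2."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    name_id = sp.findtext("md:NameIDFormat", namespaces=NS)
    if name_id != EMAIL_FORMAT:  # DSPM only accepts email address as the Name ID
        raise ValueError("unsupported Name ID format: %r" % name_id)
    return {"Single sign-on URL": sp.find("md:AssertionConsumerService", NS).get("Location"),
            "Audience URI (SP Entity ID)": root.get("entityID"),
            "Name ID format": "EmailAddress"}

def check_assertion(xml_text, expected_audience):
    """Confirm NameID format and audience match DSPM, then return (email, groups)."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        raise ValueError("NameID missing or not in emailAddress format")
    if expected_audience not in [a.text.strip() for a in root.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion was not issued for this SP entity ID")
    groups = []
    for attr in root.findall(".//saml:Attribute", NS):
        if attr.get("Name") == GROUP_ATTR and attr.get("NameFormat") == URI_NAME_FORMAT:
            groups += [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return name_id.text, groups
```

A real assertion must also have its XML signature verified against the IdP certificate downloaded in step 2 before any of its contents are trusted; this check covers only the field mappings the procedure above configures.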