Okta SAML Integration

This article will help you to integrate Okta into Safous ZTNA service as the external Identity Provider for authentication. Before continuing the steps in this article, please ensure you already have:

  • Know the basic information about Safous ZTNA SAML configuration here.
  • Have an account in Okta with Admin privilege.

Setup Okta SAML Application in Okta Admin Console

  1. Login to https://<tenant>.okta.com/admin/apps/active.
  2. Proceed to create a new app integration, and select SAML 2.0
  3. Input your App Name and click Next
  4. Fill in "Single sign-on URL" and "Audience URI" with these details:
    1. Single sign-on URL: https://login.<tenant>.ztna.safous.com:443/v1/auth/saml/1/callback
    2. Audience URI: the app name that you inputted previously
  5. Configure Name ID Format and Attribute statements
  6. You can check the attribute statement by clicking Preview the SAML Assertion. 

    If the attribute is right, then you can proceed by clicking Next.
  7. In the Feedback section, fill both questions and Click Finish.
  8. In the Application that you just created, go to Assignments section and assign People/Groups that you want to use.
  9. After you assigned users/groups that will be used in this application, Go to Sign On and click View SAML setup instructions. We'll use the information in the instruction to set up IdP in your Safous Admin Portal.
  10. In SAML setup instructions you can take note of these values that will be needed for configuring IdP in the Safous Admin Portal.
    • Identity Provider Single Sign-On URL, which is the SSO URL.
    • Identity Provider Issuer, which is the SSO Issuer.
    • X.509 Certificate, which is the CA Trusted Certificate.

Setup IdP in Safous Admin Portal

  1. Login to https://portal.safous.com/
  2. Go to Settings ZTNA
  3. In Configurations, choose Identity Provider. Click New IdP, which will expand the form of IDP