Configure Okta with Password Safe

  1. Log in to the Okta admin portal.

    Screen Capture of Okta Add Application Button

  2. Click Add Application.

Screen Capture of Okta Create New App Button

  1. Click Create New App.

  2. Select SAML 2.0 as the sign-in method.

Screen capture of SAML 2.0 option and the Create Button in Okta Create New Application Integration

  1. Click Create.

Screen capture of adding an App Name in the Okta Create SAML Integration window

  1. Enter the application name, and then click Next.

  2. Enter the single sign on URL:

    https://<ServerURL>/eEye.RetinaCSSAML/saml/AssertionConsumerService.aspx

  3. Check the Use this for Recipient and Destination URL box.
  4. Enter the audience URI (SP entity ID):

    https://<ServerURL>/eEye.RetinaCSSAML

Screen Capture of Select Okta Username in SAML Settings Create SAML Integration

  1. From the Application username list, select Okta username.

 

SLO Optional Setting

  1. Click Show Advanced Settings.
  2. Select Enable Single Logout.
  3. Fill in the Single Logout URL:

    HTTPS://<FQDN>/eEye.RetinaCSSAML/SAML/SLOService.aspx

  4. Fill in the SP Issuer:

    HTTPS://<FQDN>/eEye.RetinaCSSAML

  5. Select the SP Public Certificate.cer certificate.
  6. Click Upload Certificate.

Set Okta attributes for the Attribute Statement in SAML Settings

  1. Add attributes, and then click Next.
    • Group: Set as a literal. This must match the group created in BeyondInsight or imported from Active Directory (AD). If an AD group is used, it must match the BeyondInsight format Domain\GroupName.
    • Name: (optional)
    • Email: (optional)
    • Surname: (optional)
    • GivenName: (optional)

     

Screen capture of settings for Okta Support

  1. Select appropriate settings for Okta support, and then click Finish.

Screen Capture of View Setup Instructions for SAML 2.0 Settings

  1. Click View Setup Instructions.

 

Screenshot of Okta configuration details to use in the following steps.

  1. Copy the Identity Provider Single Sign-On URL. Save the value to be used in the next step.
  2. Copy the Identity Provider Issuer. Save the value to be used in the next step.
  3. Click Download certificate.

 

Configure SAML in Password Safe

  1. From the Dashboard or Menu, click Configuration, and then, under Multi-Factor Authentication, click SAML Configuration.

Screenshot of SAML Configuration information fields, with Okta values entered.

  1. For Entity ID, enter the Okta Identity Provider Issuer value.
  2. For Single Sign-on Service URL, enter the Okta Identity Provider Single Sign-On URL value.
  3. If available, set Single Logout Service URL to the Okta Identity Provider Single Logout URL value.
  4. Click HTTP POST Protocol Binding for SSO and SLO.

 

Screenshot of SAML Configuration details of Service Provider certificate and update button.

  1. Under Encryption and Signing Configuration, check applicable boxes. A typical configuration is shown; however, depending on your Okta settings, some configuration selections may be different.

 

Screenshot of SAML Configuration Service Provider settings, and Save button.

  1. Upload the Okta X.509 certificate.

 

Download Certificate from the Service Provider Settings page

  1. Enter the service provider Entity ID.
  2. Click SAVE SAML CONFIGURATION.
  3. Once the SAML configuration is saved, a public SP certificate is available to download. It can be uploaded to the IdP if required.
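
If the first test sign-in fails, the usual cause is a string mismatch between what Okta sends and what was entered in the steps above. The following is an added example, not BeyondTrust or Okta code: it checks an already base64-decoded SAML Response against the single sign-on URL, audience URI, issuer, and Group attribute from this procedure. The hostname, issuer, and group name are constructed placeholders, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_PATH = "/eEye.RetinaCSSAML/saml/AssertionConsumerService.aspx"

# Constructed sample (not a real capture); Audience and Group are deliberately wrong.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://pbps.example.test/eEye.RetinaCSSAML/saml/AssertionConsumerService.aspx">
 <saml:Assertion>
  <saml:Issuer>http://www.okta.com/EXAMPLEISSUER</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="https://pbps.example.test/eEye.RetinaCSSAML/saml/AssertionConsumerService.aspx"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://pbps.example.test/eEye.RetinaCSSAML/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="Group">
   <saml:AttributeValue>EXAMPLE/PasswordSafeUsers</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, server_url, idp_issuer, expected_group):
    """List mismatches with the values from the steps above (no signature check)."""
    acs = f"https://{server_url}{ACS_PATH}"
    root = ET.fromstring(xml_text)  # only parse responses from your own test login
    problems = []

    def expect(label, actual, wanted):
        if actual != wanted:  # exact, case-sensitive comparison
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")

    scd = root.find(".//a:SubjectConfirmationData", NS)
    expect("Destination", root.get("Destination"), acs)
    expect("Recipient", None if scd is None else scd.get("Recipient"), acs)
    expect("Issuer", root.findtext("a:Assertion/a:Issuer", namespaces=NS), idp_issuer)
    expect("Audience", root.findtext(".//a:Audience", namespaces=NS),
           f"https://{server_url}/eEye.RetinaCSSAML")
    groups = [v.text for v in root.findall(
        ".//a:Attribute[@Name='Group']/a:AttributeValue", NS)]
    if expected_group not in groups:
        problems.append(f"Group: got {groups!r}, expected {expected_group!r}")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE, "pbps.example.test",
          "http://www.okta.com/EXAMPLEISSUER", r"EXAMPLE\PasswordSafeUsers"))
```

An empty list means the checked fields agree with the configuration; signature and certificate validation remain the job of Password Safe itself.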