Before getting started, you will need the following:
- A functioning InsightCloudSec platform
- Appropriate InsightCloudSec permissions (Domain Admin or Org Admin)
- Administrative access for your Okta account
- Ensure you have set your Base URL within InsightCloudSec. This is specified under Administration > System Administration on the System tab under General Settings, for example
For questions or issues reach out to us through the Customer Support Portal.
Value Names (DivvyCloud vs. InsightCloudSec)
Some components, screen captures, examples, and values use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.
Okta Console Steps (Part 1)
- Open Okta, locate Applications on the main toolbar, and click Add Applications.
- Click the button to Create New App with the following parameters:
- Select Web as the platform.
- Select SAML 2.0 as the sign-on method.
- Click Create to launch the Create SAML Integration process in Okta.
- Complete the settings for the application as desired, for example:
- App Name, e.g., ‘DivvyCloud SSO’.
- App logo (optional).
- Click Next to move to the Configure SAML Step.
- You will need to return to InsightCloudSec to grab details to complete this portion of the configuration within Okta.
InsightCloudSec Console Steps (Part 1)
- Navigate to Administration > Identity Management and click on the Authentication Servers tab.
- Click on the Add Server button and complete the form as follows:
- Provide a nickname for your server.
- Select SAML as the Server Type.
- Selecting SAML will provide a form that includes the two URLs required for the Okta configuration. For example:
Okta Console Steps (Part 2)
These steps assume that you have the required URLs from the Create Authentication Server window in InsightCloudSec.
- In the Create SAML Integration form, on step 2 (Configure SAML), enter the two URLs from InsightCloudSec into the Okta configuration.
- Single Sign on URL is InsightCloudSec's Assertion Consumer Service URL.
- Audience URI is InsightCloudSec's Metadata Identify URL.
- All other options can be left at default values.
- Click Next to move to the Feedback section and complete creation of your Okta configuration.
- Select I am an Okta customer adding an internal app.
- Check This is an internal app that we have created.
- Click Finish to complete your application setup. This will redirect to your finalized application page.
- Click on View Setup Instructions to view the full XML details. Note the following information for your Okta configuration in InsightCloudSec:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
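
As an added example (not part of the InsightCloudSec or Okta documentation), the Python script below reads IdP metadata XML and pulls out the three values listed above, rejecting metadata that has a non-HTTPS SSO URL, conflicting SSO endpoints, or more than one signing certificate. It assumes the XML follows the standard SAML 2.0 metadata schema; the function name `extract_idp_settings`, the hostnames, and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder hostnames, and stand-in bytes instead of a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_SSO = "https://idp.okta.example/app/placeholder/sso/saml"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.example/placeholder-issuer">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{SAMPLE_SSO}"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{SAMPLE_SSO}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_settings(metadata_xml: str) -> dict:
    """Pull the three values the page says to note, with basic sanity checks."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata never needs a DTD; refuse entity expansion
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    issuer = root.get("entityID")
    if not issuer:
        raise ValueError("missing entityID (Identity Provider Issuer)")
    # Several bindings may repeat the same endpoint; require one distinct HTTPS URL.
    sso_urls = {e.get("Location", "")
                for e in root.findall(".//md:IDPSSODescriptor/md:SingleSignOnService", NS)}
    if len(sso_urls) != 1 or urlparse(next(iter(sso_urls))).scheme != "https":
        raise ValueError(f"expected one HTTPS SSO URL, found {len(sso_urls)} candidate(s)")
    certs = root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if len(certs) != 1:
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    der = base64.b64decode("".join((certs[0].text or "").split()), validate=True)
    if not der:
        raise ValueError("signing certificate element is empty")
    return {
        "Identity Provider Single Sign-On URL": sso_urls.pop(),
        "Identity Provider Issuer": issuer,
        "X.509 Certificate (base64)": base64.b64encode(der).decode(),
        # Fingerprint for checking that the certificate pasted elsewhere is the same one.
        "certificate_sha256": hashlib.sha256(der).hexdigest(),
    }
```
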
InsightCloudSec Console Steps (Part 2)
These steps assume you are still working in Administration > Identity Management on the Authentication Servers tab, with the window for creating a new SAML authentication server (for the Okta SSO setup) still open.
Complete creation of the authentication server.
- Select the Global Scope checkbox if you want to use this server across multiple InsightCloudSec Organizations. Learn more about Organizations.
- Note that the following fields are the minimum required (all subsequent fields vary or are optional, depending on your environment and requirements):
- Idp Entity ID/Metadata URL
- SSO URL
- Idp x509 Certificate
Fields labeled JIT refer to our Just In-Time Provisioning capabilities. You can read details on these capabilities in our Just In-Time User Provisioning (Authentication Server Support) documentation.
Click Submit once you have completed your desired setup. Your new server will be displayed under the Administration > Identity Management > Authentication Servers tab.