Configure Okta as a SAML source

Create the SAML 2.0 application in Okta

  1. Navigate to Applications and click Create App Integration.
  2. Click SAML 2.0 as the Sign-In method.
  3. Click Create your own application.
  4. Name the application. We recommend Rapid7 InsightVM Console
  5. Click Next.
  6. In the Single sign on URL field, paste the InsightVM Console ACS URL: https://<console-hostname>:<console-port>/saml/SSO
  7. If the ACS URL contains hostname/FQDN, set a Base Entity URL in the InsightVM Security Console.
  8. In the Audience URI (SP Entity id) field, paste the entity ID that you copied from the Security Console (http://rapid7.com/nsc/console/…).
  9. Set the Name ID format to EmailAddress.
  10. Set Application username to Email.
  11. (Optional) Add a custom Attribute Statement and set it to: emailaddress > unspecified > user.mail
  12. Click Next and then click Finish.

Copy and upload IDP metadata

  1. Navigate to the Sign On tab of your newly configured Okta application.
  2. Under Settings, click View Setup Instructions.
  3. In the Optional section, copy the contents of the IDP metadata field.
  4. In the Security Console, go the Administration page.
  5. In the Console section, click Authentication: 2FA and SSO.
  6. Click Configure SAML Source.
  7. Click Choose File and select the metadata file.
  8. Click Save.
  9. Restart the console services.

Create a user in the Console

  1. On the Administration page, under User Management, click Add User.
  2. Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
  3. Select SAML Authorization Method > SAML.
  4. Select the User Role.
  5. Assign Site and Asset Group Permissions.
  6. Click Save.

Authenticate to InsightVM using SAML

  1. Login to your Okta application landing page.
  2. Select the Rapid7 InsightVM Console tile.