Title
Create new category
Edit page index title
Edit category
Edit link
Okta IdP with a protected app through Okta Access Gateway
My OPSWAT Central Management can be easily integrated with an existing Okta Access Gateway to ensure that a device is compliant with the organization's security policy before it is granted access to protected applications which connected with Okta Access Gateway. This ensures that the device is not only authenticated by the IdP, but also tested for risks and vulnerabilities such as infections or unpatched versions of operating systems BEFORE it accesses an organization's on-premise applications.
To get started with implementing My OPSWAT Central Management integration to enforce device posture check before granting a device to access protected applications with Okta Access Gateway, you need to have your protected app configured on Okta Access Gateway and configured Okta tenant as an IdP for Okta Access Gateway. If you haven't already done so, please follow the instructions on Okta Help Center to add your applications to Okta Access Gateway.
Note: Please be aware that this integration needs to update SAML settings of the protected app on Okta, and you need to re-do that if you make any changes of the app on Okta Access Gateway to make sure that a connection between Okta and OPSWAT MetaAccess still exists.
You can learn more details for each step here at 3.1.1. How to set it up?
- Step 1. Enable Access Control on your My OPSWAT Central Management account
- Step 2. Add protected applications with IdP Method
- Step 3. Configure Access Rules
- Step 4. Update Applications settings on Identity Provider
- Step 5: Test your integration
Step 1. Enable Access Control on your My OPSWAT Central Management account
- Login to the My OPSWAT Central Management console.
- Navigate to Access Control and then Configurations
- Check on "Enable access control" and configure a port for the cross-domain API. Note that you must select a port which no applications on endpoints are running.
- Click SAVE.

Step 2. Add protected applications with IdP Method
- Download Okta IdP certificate: the next step is importing an Okta X.509 certificate to My OPSWAT Central Management. This allows My OPSWAT Central Management to verify users signing though a trusted IdP, Okta. Each identity provider has a unique X.509 certificate. Download the Okta X509 certificate by following these steps:
- Log into Okta as Administrator
- Switch to Admin mode

3. Go to Applications dashboard

4. Select your application
5. Go to Sign On tab and click View Setup Instruction **

**
6. Click Download certificate to download Okta certificate

- Collect the application ACS URL and IdP SSO login URL
- In Okta Administrator console, select Applications, then select your protected application
- The Assertion Consumer Service URL is the Single sign on URL on the SAML Settings section on the General tab

- on the General tab, scroll down to App Embed Link section,
- The IdP SSO login URL is the embed link

- Add the Okta Identity Provider. If you already have Okta IdP settings on your My OPSWAT Central Management account, go to step 2.5 to add your application.
- Login to the My OPSWAT Central Management
- Navigate to Access Control and then Configurations
- On the Identity Providers tab, click "Add New Identity Provider" to add your IdP
- Fill in required fields for the Identity Provider
- IdP Name: an IdP name, for example, Okta
- IdP Certificate: upload Okta certificate you downloaded in Step 2.1

- Click Add IDP
- Click SAVE CHANGES
- Add your protected application:
- Expand the Okta IdP settings you have just added in Step 2.4 above.
- Click Add New Application
- Fill required fields. Other optional settings are in the Advanced Settings
- Application: application name, for example, Protected Application
- IdP Login URL: IdP SSO login URL which you have from step 2.2
- Application Login URL: application login URL which you have from Step 2.2
- Access Mode: pick an access mode you prefer. See details on the access modes at Step 2. Add protected applications with IdP Method

- Click SAVE CHANGES
- After saving your changes successfully, click Setup Instructions of your application, you have just added and then copy the URL My OPSWAT Central Management generated there. This URL is used to replace Single sign on URL of the application on Okta in Step 4.

Note: you can add your application (step 2.5) when you add Okta IdP settings.
Step 3. Configure Access Rules
On My OPSWAT Central Management console, navigate to Access Control and then Configurations
On Access Rules tab, click "ADD NEW RULE" to add a new rule for this application OR you can update existing access rules to add this application
With a new access rule, you need to specify how you would like to block/allow access a device from the application
- Rule name: a rule name, for example Block non-compliant devices
- Action: Block or Allow
- Configure conditions to do the action. Details at Step 3. Configure Access Rules
Click ADD RULE

Step 4. Update Applications settings on Identity Provider
- Login to Okta as administrator
- Navigate to Applications dashboard
- Select your application
- On General tab, click Edit on the SAML Settings section

- Click Next on the first screen
- uncheck " Use this for Recipient URL and Destination URL" option first so that we can configure different URL for Single sign on URL and recipient URL.
- replace Single sign on URL with the My OPSWAT Central Management URL which you got from Step 2.6

- Click Next
- Click Finish
Step 5: Test your integration
Follow guideline here to test your integration to verify if it works as your expectation.
DONE! CONGRATULATIONS.