Title
Create new category
Edit page index title
Edit category
Edit link
Okta IdP with Slack
My OPSWAT Central Management can be easily integrated with an existing Okta Slack integration to ensure that a device is compliant with the organization's security policy before it is granted access to Slack. This ensures that the device is not only authenticated by the IdP, but also tested for risks and vulnerabilities such as infections or unpatched versions of operating systems, BEFORE it access an organization's cloud services.
o get started with implementing My OPSWAT Central Management integration to enforce device posture check before granting a device to access Salesforce with Okta Single Sign On (SSO) service, you need to have SSO set up between Okta and Salesforce. If you haven't already done so, please follow the instructiosn here to set it up.
You can learn more details for each step here at 3.1.1. How to set it up?
- Step 1. Enable Access Control on your My OPSWAT Central Management account
- Step 2. Add protected applications with IdP Method
- Step 3. Configure Access Rules
- Step 4. Update Applications settings on Identity Provider
- Step 5. Configure SSO settings on applications
- Step 6: Test your integration
Step 1. Enable Access Control on your My OPSWAT Central Management account
- Login to the My OPSWAT Central Management console.
- Navigate to Access Control and then Configurations
- Check on the box **"Enable access control**" and configure a port for the cross-domain API. Note that you must select a port which no applications on endpoints is running.
- Click SAVE.

Step 2. Add protected applications with IdP Method
- Download Okta IdP: the next step is importing an Okta X.509 certificate to My OPSWAT Central Management. This allows My OPSWAT Central Management to verify users signing though a trusted IdP, Okta. Each identity provider has a unique X.509 certificate. Download the Okta X509 certificate by following these steps:
- Login to Okta as Administrator
- Switch to Admin mode

3. Go to Applications dashboard

4. Select the Slack application which you just added above
5. Go to Sign On tab and click View Setup Instruction **

**
6. Copy the Okta certificate and save it to a file, for example okta.cert. Note that the certificate string should be begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----" as the below screenshot.

- Slack LoginURL: is a Slack single sign-on post back URL of your organization's Slack, for example https://yoursubdomain.slack.com/sso/saml
- Collect Slack Logout URL: you can find this URL inside of Slack
- Log in to Slack
- You can find "Sign out of <your_subdomain>" link when you click on your name
- Right-click Sign out of <your_subdomain> link and select "Copy link address" to copy logout URL

- Add the Okta Identity Provider. If you already have Okta IdP settings on your My OPSWAT Central Management account, go to 5 to add Slack application.
- Login to the My OPSWAT Central Management console.
- Navigate to Access Control and then Configurations
- On the Identity Providers tab, click "Add New Identity Provider" to add your IdP
- Fill in required fields for the Identity Provider
- IdP Name: an IdP name, for example: Okta
- IdP Certificate: upload Okta certificate you downloaded in Step 2.1

5. Click Add IDP
6. Click SAVE
- Add the Slack application:
- Expand the Okta IdP settings you have just added in Step 2.4 above.
- Click Add New Application
- Enter required field
- Application: application name, for example: Slack
- Login URL: application login URL which you have from Step 2.2
- Logout URL: application logout URL which you have from Step 2.3
- Access Mode: pick an access mode you prefer. See details on the access modes at Step 2. Add protected applications with IdP Method

4. Click SAVE
- After saving your changes sucessfully, click the Setup Instructions button of the Slack application you have just added and then copy the URL MetaAccess generated there. This URL is used to replace Slack domain on Okta in Step 4.

Note: you can add Slack application (step 2.5) when you add Okta IdP settings.
Step 3. Configure Access Rules
On My OPSWAT Central Management console, navigate to Access Control and then Configurations
On Access Rules tab, click "ADD NEW RULE" to add a new rule for this application OR you can update existing access rules to add this application
With a new access rule, you need to specify how you would like to block/allow access a device from the application
- Rule name: a rule name, for example Block non-compliant devices
- Action: Block or Allow
- Configure conditions to do the action. Details at Step 3. Configure Access Rules
Click ADD RULE

Step 4. Update Applications settings on Identity Provider
- Login to Okta as administrator
- Go to Applications dashboard
- Select Slack application
- On General tab, click Edit on the App Settings box

- Replace Domain with the My OPSWAT Central Management URL which you got from Step 2.6 and click SAVE

Step 5. Configure SSO settings on applications
- On My OPSWAT Central Management console, navigate to Access Control > Configurations
- Click Download OPSWAT certificate to download a self-signed certificate My OPSWAT Central Management generated for your account

- Login to Slack as a workspace owner
- Navigate to Workspace settings > Authentication, click Change Settings on the SAML Authentication Settings

- Click Edit on Public Certificate and copy your OPSWAT certificate from your My OPSWAT Central Management account which you downloaded from Step 5.1

- Click Save Configuration
Step 6: Test your integration
Follow guideline at Step 6: Test your integration to test your integration to verify if it works as your expectation.
DONE! CONGRATULATIONS.
Known issues
- MetaAccess couldn't do on-going monitor if a user logs into Slack by Slack app