How to Configure SAML 2.0 Authentication Between MetaDefender Sandbox and Okta?

Overview

This article provides step-by-step instructions for configuring SAML 2.0 authentication between MetaDefender Sandbox and Okta. This integration enables single sign-on (SSO) capabilities for your MetaDefender Sandbox users.

Prerequisites

• MetaDefender Sandbox version 2.2.0 or later (SAML 2.0 support is not available in earlier versions)
• Administrative access to MetaDefender Sandbox
• Administrative access to your Okta tenant
• Valid SSL certificates for secure communication

Steps to Configure

Step 1: Configure MetaDefender Sandbox for SAML 2.0

1. Access your MetaDefender Sandbox administration panel.
2. Navigate to Settings → Authentication → External
3. Press Add service button, then select SAML 2.0
4. In the Service Key field, enter okta.
5. Note the redirect URL that is generated - you will need this for Okta configuration.

Step 2: Obtain Required Information from Okta

The following SAML parameters must be obtained from your Okta administration portal:

1. Entity ID: Available in your Okta SAML application settings.
2. Sign-on URL: The SAML SSO URL provided by Okta.
3. Certificate: The X.509 certificate from your Okta SAML application.

To find these in Okta:

1. Log into your Okta admin console.
2. Navigate to Applications → Applications.
3. Select your SAML application (or create a new one).
4. Go to the Sign On tab.
5. Locate the SAML Signing Certificates section.
6. Copy the Identity Provider metadata values.

Step 3: Complete MetaDefender Sandbox Configuration

1. Return to your MetaDefender Sandbox SAML configuration.
2. Enter the Entity ID from Okta.
3. Enter the Sign-on URL from Okta (this is the SSO URL, not the redirect URL).
4. Paste the certificate from Okta.
5. Save the configuration.

Step 4: Configure Okta Application

1. In your Okta SAML application settings.
2. Set the Single sign on URL to the redirect URL generated by MetaDefender Sandbox.
3. Configure appropriate user assignments and attribute mappings.
4. Test the application assignment.

Verify the Change

1. Save all configurations in both systems.
2. Test the SAML connection using Okta's application testing feature.
3. Attempt to log into MetaDefender Sandbox using SAML authentication.
4. Verify that user attributes are properly mapped.
5. Check MetaDefender Sandbox logs for any authentication errors.

Troubleshooting

Issue: SAML 2.0 option not available

Resolution: Verify you are using MetaDefender Sandbox version 2.2.0 or later.

Issue: Cannot find sign-on URL in Sandbox

Resolution: The sign-on URL comes from Okta, not from MetaDefender Sandbox. Check your Okta SAML application metadata.

Issue: Authentication fails after configuration

Resolution:

• Verify certificate validity and format.
• Check that URLs are correctly configured in both systems.
• Ensure user assignments are properly configured in Okta.
• Review attribute mappings between Okta and MetaDefender Sandbox.

Issue: Missing redirect URL

Resolution: Ensure you have entered "okta" in the service key field to generate the redirect URL.