Okta

Using SAML

Create Okta application

  1. Go to https://www.okta.com/login/ and log in.
  2. In the dashboard sidebar, hit "Applications" to expand its sub-items, then select "Applications".
  3. Hit "Create App Integration".
  4. In "Sign-in method", choose "SAML 2.0" and hit "Next".
  5. Fill in "App name", MDCore-SAML for example, and hit "Next".

Create SAML directory on MetaDefender Core

  1. Log in to the MetaDefender Core management console.
  2. Under "Dashboard", hit "User Management" in the sidebar.
  3. Under "User Management", choose the "Directories" tab and hit "Add directory" at the top right.
  4. On the "Add Directory" page, choose "SAML" in Directory Type.
  5. Fill in "Name" for the new directory, MDCore-SAML for example.
  6. Under "Service Provider", fill in "Host or IP" with the address where MetaDefender Core is hosted, https://localhost:8008 for this example.

Configure Okta

  1. Switch to the "Applications" screen on the Okta home page.
  2. Paste the "Login URL" from MetaDefender Core into "Single sign on URL" and set an ID for "Audience URI", metadefender_core_saml for example.
  3. Scroll down to "Attribute Statements" and map the Okta key name to the one set at "User identified by" on MetaDefender Core, then hit "Next".
  4. Choose your answer on the "Feedback" screen and hit "Finish".
  5. On the next screen, navigate to "SAML Signing Certificates", choose the row whose "Status" column is "Active", then hit "Actions" and "View IdP metadata".
  6. Copy the SAML metadata link.
  7. Switch to the "Applications" screen on Okta, navigate to the "Assignments" tab, and assign users to the application.

Complete configuration on MetaDefender Core

  1. Switch to the MetaDefender Core screen and, under "Identity Provider", hit "Fetch URL".
  2. Paste the "SAML Metadata link" from Okta into the box under "Fetch URL" and hit "OK" so that MetaDefender Core can set Okta as its IdP.
  3. Under "Service Provider", fill in the user identity under "User identified by", with ${first_name}${last_name}_ for example.
  4. Select the correct role for the user under "User Role".
  5. Hit "Add" to complete the settings.
  6. On the "User Management" screen, toggle the new directory, MDCore-SAML in this example. A dialog box asks you to confirm the action. Once "Enable" is hit, all existing sessions expire immediately and Okta is used to authenticate users going forward.

Test the integration

  1. Browse to MetaDefender Core and hit "Login"; the user is redirected to Okta's login page.
  2. Log in with the account registered in Okta.
  3. If everything goes right, the MetaDefender Core dashboard is shown with the user identity at the top right corner.
  4. For troubleshooting, browse to <mdcore-host>#/public/backuplogin.

Test IdP-initiated login

  1. Log in to the Okta management page.
  2. Navigate to "Applications" / "Applications" in the sidebar.
  3. Select the active SAML application.
  4. In the "Sign On" tab, find and hit the "View SAML setup instructions" button.
  5. On the new page, copy the URL under the "Identity Provider Single Sign-On URL" section.
  6. Paste the copied URL into the browser and log in.
  7. If everything goes right, the MetaDefender Core dashboard is shown with the user identity at the top right corner.
  8. For troubleshooting, browse to <mdcore-host>#/public/backuplogin.

Using OpenID Connect

Create Okta application

  1. Go to https://www.okta.com/login/ and log in.
  2. In the dashboard sidebar, hit "Applications" to expand its sub-items, then select "Applications".
  3. Hit "Create App Integration".
  4. In "Sign-in method", choose "OIDC - OpenID Connect", in "Application type" choose "Web Application", and hit "Next".
  5. Fill in "App name", MDCore-SAML for example, and hit "Next".

Create OIDC directory on MetaDefender Core

  1. Log in to the MetaDefender Core management console.
  2. Under "Dashboard", hit "User Management" in the sidebar.
  3. Under "User Management", choose the "Directories" tab and hit "Add directory" at the top right.
  4. On the "Add Directory" page, choose "OIDC" in Directory Type.
  5. Fill in "Name" for the new directory, MDCore-OIDC for example.
  6. Under "Service Provider", fill in "Host or IP" with the address where MetaDefender Core is hosted, https://localhost:8008 for this example.

Configure Okta

  1. Switch to the "Applications" screen on the Okta home page.
  2. Paste the "Login URL" from MetaDefender Core into "Sign-in redirect URIs", grant everyone permission to access the application in "Assignments", then hit "Save".
  3. Copy "Client ID" and "Client Secrets".

Complete configuration on MetaDefender Core

  1. Switch to the MetaDefender Core screen and, under "Identity Provider", hit "Fetch URL".
  2. Build the OIDC configuration link by appending /.well-known/openid-configuration to your Okta domain URL (see the referenced Okta document). For example: dev-115662.okta.com/.well-known/openid-configuration
  3. Paste the OIDC configuration link above into the box under "Fetch URL" and hit "OK" so that MetaDefender Core can set Okta as its IdP.
  4. Under the "Service Provider" section, paste the values of "Client ID" and "Client Secrets" that you copied from Okta into their respective fields.
  5. Under "Service Provider", fill in the user identity under "User identified by", with ${first_name}${last_name}_ for example.
  6. Select the correct role for the user under "User Role".
  7. Hit "Add" to complete the settings.
  8. On the "User Management" screen, toggle the new directory, MDCore-OIDC in this example. A dialog box asks you to confirm the action. Once "Enable" is hit, all existing sessions expire immediately and Okta is used to authenticate users going forward.
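
An added example (not MetaDefender Core or Okta code) of a check to run on the discovery document before its link goes into "Fetch URL": it builds the link as described in the steps above, forcing HTTPS, and validates a fetched document against it. The sample document is constructed, and the same-host rule is an assumption that fits an Okta org domain.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample of a discovery document for the page's example domain.
SAMPLE_DOC = {
    "issuer": "https://dev-115662.okta.com",
    "authorization_endpoint": "https://dev-115662.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-115662.okta.com/oauth2/v1/token",
    "jwks_uri": "https://dev-115662.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
}


def discovery_url(okta_domain):
    """Build the discovery link from an Okta domain, refusing plain HTTP."""
    domain = okta_domain.strip()
    if "://" not in domain:
        domain = "https://" + domain
    parts = urlsplit(domain)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Okta domain must be an https URL")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}{WELL_KNOWN}"


def check_discovery(fetched_from, doc):
    """Return a list of problems found in a discovery document."""
    problems = []
    # OIDC Discovery: issuer plus the well-known suffix must be the fetched URL.
    if doc.get("issuer", "").rstrip("/") + WELL_KNOWN != fetched_from:
        problems.append("issuer does not match the URL the document came from")
    host = urlsplit(fetched_from).hostname
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} missing or not https")
        elif url.hostname != host:  # assumption: endpoints live on the org domain
            problems.append(f"{key} is on a different host: {url.hostname}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    return problems


if __name__ == "__main__":
    url = discovery_url("dev-115662.okta.com")
    print(url, check_discovery(url, SAMPLE_DOC))
```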

Test the integration

  1. Browse to MetaDefender Core and hit "Login"; the user is redirected to Okta's login page.
  2. Log in with the account registered in Okta.
  3. If everything goes right, the MetaDefender Core dashboard is shown with the user identity at the top right corner.
  4. For troubleshooting, browse to <mdcore-host>#/public/backuplogin.