Security Assertion Markup Language (SAML) is an easy way for your users to authenticate and access Phishing Tackle. This knowledge base article will explain how to configure SAML 2.0 in OKTA.
If you have configured White Labelling, please ensure that you use your organisation's White Labelled login page to log in. The URL used to access the platform will be used to configure SAML.
Steps to configure Single Sign-on in OKTA:
- How to access your SAML 2.0 settings in Phishing Tackle
- OKTA General settings
- How to Configure OKTA SAML Settings
- Feedback
- How to Configure SAML in Phishing Tackle
- Assign users and groups
- Enable Single Sign-on (SAML2) in Phishing Tackle
How to access your SAML 2.0 settings in Phishing Tackle
- Under Setup in the left-hand column, click "Organisation" and then click "Settings".
- Click the option "Single Sign-on (SAML2)".
OKTA General settings
- Log in to OKTA with an admin account and visit the admin dashboard.
- In the OKTA menu click "Applications", then click "Applications" again.
- Click "Create App integration".
- Select the option "SAML 2.0", then click "Next".
- Give the app a name, then click "Next".
How to Configure OKTA SAML Settings
- Open your SAML 2.0 settings in Phishing Tackle. Step 1 explains how to access these settings.
- Copy the "Reply URL (Assertion Consumer Service URL)" (In Phishing Tackle) to "Single sign on URL".
- In "Set Audience URI (SP Entity ID)" in
- Change Name ID format from "Unspecified" to "EmailAddress".
- Click "Show advanced settings".
- Do not change the SAML Issuer ID, leave this field empty.
- Add an Attribute Statement.
  - In "Name" enter: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress (denoting the Email Claim Type which is required for login).
  - Change "Name format" to: "URI Reference".
  - Change "Value" to: "user.email".
- Click "Next".
- Your final settings should look like the image below.
Feedback
- For question 1 select "I'm an Okta customer adding an internal app".
- For question 2 select "This is an internal app that we have created".
- Click "Finish".
How to Configure OKTA In Phishing Tackle
- In the OKTA menu click "Applications", then click "Applications" again.
- Click on your new application.
- Select the "Sign On" tab.
- Scroll down on the "Sign On" page and click "View SAML setup instructions".
- In the Phishing Tackle "Single Sign-on (SAML2)" settings page in "Identifier (Entity ID)" enter "PhishingTackle".
- Copy the "Identity Provider Single Sign-On URL:" (In OKTA) to "Identity Provider Sign on URL".
- Copy the "Identity Provider Issuer:" (In OKTA) to "Identifier Provider Id".
- Copy the "X.509 Certificate:" (In OKTA) to "Identity Provider SAML Base64 Signing Certificate".
- Click "Save".
Assign users and groups
- In the OKTA menu click "Applications", then click "Applications" again.
- Click on your new application.
- Click "Assign".
- Select the users or groups you would like to use SAML to log in.
Enable Single Sign-on (SAML2) in Phishing Tackle
Once you are happy with the users and groups permitted to use the application, enable Single Sign-on (SAML2) in Phishing Tackle.
- Enter a description for the SAML configuration.
- Click "Enabled".
- Click "Save".
- Please ensure that you clear all cookies before logging back in. Your users can now access Phishing Tackle and use SAML to log in.
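To confirm that the assertion OKTA issues carries the settings from the steps above, you can decode a SAML response from a test login and check it. The script below is an added example, not Phishing Tackle or OKTA code; the sample assertion is constructed, and it assumes the Audience should equal the "PhishingTackle" Entity ID entered earlier.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # OKTA "EmailAddress"
ATTR_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"             # OKTA "URI Reference"

# Constructed sample assertion (not real OKTA output); issuer and user are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>http://www.okta.com/EXAMPLE_ISSUER</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>PhishingTackle</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, expected_audience="PhishingTackle"):
    """Return mismatches against this article's settings (empty list = OK).
    Diagnostic only: no signature or time checks. expected_audience is an assumption."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_EMAIL:
        problems.append("NameID format is not EmailAddress")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("Audience does not match the Entity ID")
    attr = next((a for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name") == EMAIL_CLAIM), None)
    if attr is None:
        problems.append("email claim attribute is missing")
    else:
        if attr.get("NameFormat") != ATTR_URI:
            problems.append("email claim Name format is not URI Reference")
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        if "@" not in value:
            problems.append("email claim value is empty or not an address")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "assertion matches the documented settings")
```

Only run this on responses from your own test logins, and treat a captured response as a credential while it is still valid.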
If you need any assistance with configuring SAML 2.0 for OKTA, please contact our support team by clicking here.