Cyware Situational Awareness Platform

Setup SAML SSO Integration for Collaborate using Okta

Single sign-on (SSO) is a method for authenticating users where a single set of credentials can be used to log into several different applications. In Collaborate, an admin can enable SSO through Security Assertion Markup Language (SAML) with Okta as the Identity Provider (IdP). SAML is an XML-based protocol for exchanging authentication and authorization data between applications. Within the SAML workflow, Okta acts as the IdP and Collaborate as the Service Provider (SP). With SSO, you use one password to access all of your applications, which reduces password fatigue.

Before you start
  • Make sure you have the admin role assigned.

  • Ensure you have the Assertion Consumer URL, Entity ID, and Certificate from Collaborate.

  • Ensure you have View and Update permissions to configure SAML 2.0 in Collaborate.

Steps

To integrate SAML-based SSO for Collaborate using Okta, follow these steps:

  1. Create users in the Collaborate application with the same email address that they use for SSO. For more information, see Add Privileged Users.

  2. Fetch the Assertion Consumer URL and Entity ID from Collaborate, and upload the certificate and private key for the authentication request.

  3. Configure SAML 2.0 App and generate a self-signed certificate for Collaborate on Okta.

  4. Configure SAML for Okta on Collaborate.

  5. Sign in to Collaborate using Okta.

Retrieve SAML Details and Manage Certificate in Collaborate

To fetch the Assertion Consumer URL and Entity ID from the Collaborate application and upload the certificate for creating an authentication request, follow these steps:

  1. Sign in to the Collaborate application as admin.

  2. In the Integration module, select Authentication Methods > Analyst Dashboard > SAML 2.0.

  3. From the Service Provider section, copy the Assertion Consumer URL and Entity ID. You need to enter these values while setting up the SAML 2.0 app in Okta.

  4. In Certificate, upload a self-signed certificate and private key for authentication. Click the information icon next to Certificate for instructions on generating them.

Configure SAML 2.0 for CSAP on Okta

To set up SAML 2.0 for the CSAP application and generate the SSO URL and Certificate, follow these steps:

  1. Sign in to Okta as an admin.

  2. From the main hamburger menu, click Applications.

  3. Click Create App Integration.

  4. Select SAML 2.0 and click Create.

  5. In the General Settings tab, enter the App name as CSAP SSO and do not select any App visibility options. Click Next.

  6. In SAML Settings, enter the Assertion Consumer URL you retrieved from Collaborate in the Single sign-on URL field. Ensure that the URL includes the required trailing slash (/).

  7. For Audience URI (SP Entity ID), enter the Entity ID.

  8. Select Name ID format as Persistent and Application username as Okta username. The Name ID format must be set to Persistent so that your IdP sends the same unique value for the NameID element in all SAML requests from a particular user. If you set it to anything else, the user will have a different saml:sub value for each session, which is not secure.

  9. In the Advanced section, select Response as Unsigned, Assertion Signature as Signed, and Assertion Encryption as Unencrypted. These options ensure that the SAML authentication message is digitally signed by the IdP, and they restrict login to the SAML app only from browsers that have the signed certificate.

  10. Select Next.

  11. Select I'm a software vendor. I'd like to integrate my app with Okta and click Finish. You have now successfully created an application for the SAML integration. This application will have the details of the IdP URL and Certificate which you’ll need to add to the CSAP application to complete the SSO integration.

  12. On Okta, you can find the Identity Provider SSO details at Applications > Sign On > View Setup Instructions.

  13. Download the identity provider metadata in the form of an .XML file by clicking Identity Provider metadata. You should upload this XML into the CSAP application while configuring SAML 2.0.

Configure SAML 2.0 for Okta on Collaborate

Configure SAML 2.0 for Okta on the Collaborate application by completing the following steps:

  1. Sign in to the Collaborate application as admin.

  2. In the Integrations module, select Authentication Methods > Analyst Dashboard > SAML 2.0 > Edit.

  3. Enter the values from Okta in the IDP (Identity Provider) section.

  4. In the Metadata XML section of the IDP (Identity Provider) section, select Upload to upload the metadata.xml from Okta.

  5. In SSO URL, enter the Identity Provider Single Sign-on URL from Okta.

  6. If you are configuring SAML for the Analyst Portal, you can configure a mapping between SAML IdP groups and Collaborate user roles. For more information, see Configure SAML 2.0 as the Authentication Method.

  7. In Certificate, click View Certificate and click Upload Certificate to upload the certificate that you get from Okta.

  8. Toggle off Encrypt and AuthnRequest.

  9. Click Save.

  10. Toggle on Activate Authentication.

Sign in to CSAP using Okta

To sign in to CSAP after configuration, follow these steps:

  1. Sign in to Okta as an admin using your Okta credentials.

  2. In the dashboard, click CSAP Analyst Portal to sign in.

    Note

    If you forget your Okta password, click on Need help in signing in? and then on Forgot password?. Enter your email ID to get the procedure to reset your password.
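To confirm that a test sign-in reflects the Okta SAML settings described above (Single sign-on URL with its trailing slash, Audience URI, Persistent Name ID format, unsigned Response, signed and unencrypted Assertion), you can inspect the base64 SAMLResponse value that the browser posts to the Assertion Consumer URL. The following Python sketch is an added example, not part of the Cyware or Okta documentation; the function name, the URLs, the Entity ID and the sample response are constructed, and the check is structural only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Constructed values: placeholder SP URLs and an empty Signature stub.
ACS_URL = "https://collaborate.example.test/sso/acs/"
ENTITY_ID = "https://collaborate.example.test/sso/entity"
SAMPLE_XML = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    xmlns:ds="{NS['ds']}" Destination="{ACS_URL}">
  <a:Assertion>
    <ds:Signature/>
    <a:Subject><a:NameID Format="{PERSISTENT}">constructed-id</a:NameID></a:Subject>
    <a:Conditions><a:AudienceRestriction>
      <a:Audience>{ENTITY_ID}</a:Audience>
    </a:AudienceRestriction></a:Conditions>
  </a:Assertion>
</p:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_response(saml_response_b64, acs_url, entity_id):
    """List where a decoded SAMLResponse differs from the documented settings.
    Structural check only: it does not verify the signature cryptographically."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination differs from ACS URL (check trailing slash)")
    if root.find("ds:Signature", NS) is not None:
        findings.append("Response is signed; documented setting is Unsigned")
    if root.find("a:EncryptedAssertion", NS) is not None:
        return findings + ["Assertion is encrypted; documented setting is Unencrypted"]
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return findings + ["no Assertion element"]
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion carries no Signature element")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        findings.append("NameID Format is not persistent")
    audiences = [e.text for e in assertion.findall(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    if entity_id not in audiences:
        findings.append("SP Entity ID missing from Audience")
    return findings

if __name__ == "__main__":
    print(check_response(SAMPLE_B64, ACS_URL, ENTITY_ID) or "matches documented settings")
```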