Skip to main content

General Documents

Set Up SAML SSO Integration using Okta

On Cyware Products, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Okta.

Create Custom Attributes in Okta for Cyware Product

Custom attributes in Okta let you include additional user details, like roles or regions, in the SAML assertion. This ensures the Cyware product receives all necessary information for smooth authentication.

Before you Start 

  • Ensure you have Administrator access to your Okta account.

Steps 

To create custom attributes, follow these steps:

  1. In the Admin Console, go to Directory > Profile Editor.

  2. Click Okta in the Filters list.

  3. For Okta User (default), click Profile. If Profile is unavailable, click User (default).

  4. View the list of all Base and Custom attributes.

  5. Click Add Attribute to add a new custom attribute. Use the following details:

    1. Data Type: Select data type as string.

    2. Display Name: Enter a display name for the custom attribute, such as User Group Mapping.

    3. Variable Name: Enter a variable name, for example, memberOf if creating a mapping between SAML groups.

  6. Click Save or Save and Add Another to add additional custom attributes.

Fetch Assertion URL and Entity ID from Cyware Product

Fetch the Assertion Consumer URL and Entity ID from the Cyware product and keep them handy. These details will be required when configuring the SAML 2.0 app for the Cyware product in Okta to ensure proper communication and authentication setup.

Steps 

  1. Sign in to the Cyware application.

  2. Navigate to Administration > Configuration > Authentication > SAML 2.0. If you are using the Collaborate Analyst Portal (CSAP), navigate to Administration > Integrations > Authentication Methods > SAML 2.0,

  3. Copy these values. You need these values while setting up the SAML 2.0 app in Okta.

    • Assertion Consumer URL

    • Entity ID

    fetch_assertion_URL.png

Create and Configure SAML 2.0 App for Cyware Product on Okta

On Okta, you have to set up a SAML 2.0 application for the Cyware products and generate a single sign-on URL and certificate.

Steps 

  1. Sign in to Okta

    • Sign in to Okta as an administrator. Ensure you have sufficient privileges to configure apps and SAML settings.

    • In the Okta Admin Console, navigate to Applications > Applications. This section manages your app integrations.

    • Click Create App Integration, select SAML 2.0 as the sign-on method, and click Next to proceed with setting up the integration.

  2. General Settings

    • App Name: Enter a name for the application. For example, CTIX SSO application.

    • App Logo: Upload the product's logo.

    • App Visibility: Leave the visibility options unchecked, as this configuration is for internal use.

    • Click Next to move to the SAML Settings section, where you will configure the SAML attributes.

  3. SAML_general_settings.png

  4. Configure SAML

    • Enter the Assertion Consumer URL copied from the Cyware product into the Single sign-on URL.

    • Ensure Use this for Recipient URL and Destination URL is checked to ensure that the SAML response is sent to the correct location.

    • In the Audience URI (SP Entity ID) field, paste the Entity ID copied from the Cyware product.

    • Leave Default RelayState blank.

    • Set Name ID format to EmailAddress.

    • Set the Application Username to Okta username.

    • For Update application username on, select Create and update, which allows okta to automatically create or update the user's profile based on changes.

    • Attribute Statements (optional): This ensures that the correct user identity is recognized during SSO, enabling seamless authentication.

      • Name: email

      • Name format (optional) : Unspecified

      • Value: user.email

  5. CTIX_SAML_Settings.png

  6. Feedback

    • Click Next to proceed to the Feedback screen.

    • In the App Feedback section, select This is an internal app that we have created and click Finish.

    • You have now successfully created an application for the SAML integration.

    • This application will have the details of the IDP URL and Certificate which you’ll need to add to the Cyware product to complete the SSO integration.

  7. View SAML Setup Instructions

    • On the app’s main page, in the right sidebar, click View SAML setup instructions.

    • In the SAML setup instructions, copy the following:

      • Identity Provider Single Sign-On URL for Cyware’s SSO URL field

      • Identity Provider Issuer (Entity ID) if required

      • X.509 Certificate for Cyware’s configuration

  8. CTIX_configure_SAML.png

Configure SAML for Okta on Cyware Product

Configure SAML for Okta on the Cyware product by completing the following steps.

Steps 

  1. Sign in to the Cyware product.

  2. Navigate to the appropriate SAML configuration page:

    1. CTIX users: Go to Administration > Configuration > Authentication > SAML 2.0.

    2. Collaborate (CSAP) users: Go to Management > Integrations > Authentication Methods > SAML 2.0

  3. Select SAML 2.0 and click Edit.

  4. In the IDP (Identity Provider) section, enter the values copied from Okta:

    1. SSO URL: Enter the Identity Provider Single Sign-On URL from Okta.

    2. IDP Certificate: Paste the Okta X.509 certificate.

  5. Optionally, upload the metadata.xml file from Okta by selecting Upload Metadata File and choosing the file.

  6. Click Activate SAML to enable SAML authentication.

  7. Click Save to finalize the configuration.

Assign Users to the Okta App

Steps 

To assign individual users to the Cyware SAML app in Okta, follow these steps:

  1. In the Okta Admin Console, go to Applications > Applications.

  2. Find and select the Cyware SAML app you created.

  3. In the app’s settings page, click on the Assignments tab.

  4. Click Assign > Assign to People to add individual users.

  5. Locate the user you want to assign, click Assign next to their name, and confirm their details if prompted.

  6. Click Save and Go Back to complete the assignment.

  7. Ensure that the assigned users are now listed under People in the app’s assignments tab.

Assign Values to your Custom Attributes

After configuring the Okta app, you can map custom attribute values to users.

Steps:

To map Okta users with custom attribute values, follow these steps.

  1. In the Okta Admin Console, go to Directory > People.

  2. Select the user to whom you want to assign custom attribute values.

  3. On the user’s profile page, go to the Profile section to view all available attributes, including the custom attributes you created.

  4. For each custom attribute (example, User Group Mapping), enter the required value based on your organization’s SAML configuration needs.

  5. Click Save to update the user’s profile with the new attribute values.