Skip to main content

General Documents

Set Up SAML SSO Integration using Okta

On Cyware Products, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Okta.

Create Custom Attributes in Okta for Cyware Product

You can create custom attributes to use in the SAML assertion.

Steps 

To create custom attributes, follow these steps:

  1. Sign in to Okta as an Administrator.

  2. In the Admin Console, go to Directory > Profile Editor.

  3. Click Okta in the Filters list.

  4. For Okta User (default), click Profile. If Profile is unavailable, click User (default).

  5. View the list of all Base and Custom attributes. The Username, Firstname, Lastname, and Email attributes are available as base attributes.

  6. Click Add Attribute to add a new custom attribute. Use the following details:

    1. Data Type: Select data type as string.

    2. Display Name: Provide a display name for the custom attribute, such as User Group Mapping.

    3. Variable Name: Provide a variable name, for example, memberOf if creating a mapping between SAML groups.

  7. Click Save or Save and Add Another to add additional custom attributes.

Fetch Assertion URL and Entity ID from Cyware Product

Fetch the Assertion Consumer URL and entity ID from the Cyware product and have them handy.

Steps 

  1. Login to the Cyware application.

  2. Navigate to Administration > Configuration > Authentication > SAML 2.0. If you are a Collaborate (CSAP) user, navigate to Management > Integrations > Authentication Methods > SAML 2.0.

  3. Copy these values. You need these values while setting up the SAML 2.0 app in Okta.

    • Assertion Consumer URL

    • Entity ID

    fetch_assertion_URL.png

Create and Configure SAML 2.0 App for Cyware Product on Okta

On Okta, you have to set up a SAML 2.0 application for the Cyware products and generate a Single sign-on URL and certificate.

Steps 

  1. Sign in to Okta as an administrator.

  2. In the Okta Admin Console, go to Applications > Applications.

  3. Click Create App Integration, select SAML 2.0 as the sign-on method, and click Next.

  4. Under General Settings, enter the following values and click Next to proceed to SAML Settings.

    • App Name - CTIX SSO application

    • App Logo - Use Product logo

    • App Visibility - Do not check these options

    CTIX_SAML_Settings.png

  5. To Configure SAML, Enter the Assertion consumer URL you copied from the Cyware product into the Sign On URL. Ensure Use this for Recipient URL and Destination URL is checked.

  6. In the Audience URI (SP Entity ID) field, paste the Entity ID copied from the Cyware product.

  7. Leave Default RelayState blank.

  8. Set Name ID format to EmailAddress.

  9. Set the Application Username to Okta username.

  10. For Update application username on, select Create and update.

    CTIX_SAML_Settings.png

  11. In Attribute Statements (optional), add an attribute statement with:

    • Name: email

    • Format: Unspecified

    • Value: user.email

      Note

      If Unspecified format does not work, try Persistent.

  12. Click Next to proceed to the Feedback screen.

  13. In the App feedback section, select This is an internal app that we have created and click Finish. You have now successfully created an application for the SAML integration. This application will have the details of the IDP URL and Certificate which you’ll need to add to the Cyware product to complete the SSO integration. This application will have the details of the IDP URL and Certificate which you’ll need to add to the Cyware product to complete the SSO integration.

  14. On the app’s main page, in the right sidebar, click View SAML setup instructions.

  15. In the SAML setup instructions, copy the Identity Provider Single Sign-On URL for Cyware’s SSO URL field, the Identity Provider Issuer (Entity ID) if required, and the X.509 Certificate for Cyware’s configuration.

    CTIX_configure_SAML.png

Configure SAML for Okta on Cyware Product

Configure SAML for Okta on the Cyware product by completing the following steps.

Steps 

  1. Sign in to the Cyware product.

  2. Navigate to the appropriate SAML configuration page:

    1. CTIX users: Go to Administration > Configuration > Authentication > SAML 2.0.

    2. Collaborate (CSAP) users: Go to Management > Integrations > Authentication Methods > SAML 2.0

  3. Select SAML 2.0 and click Edit.

  4. In the IDP (Identity Provider) section, enter the values copied from Okta:

    1. SSO URL: Enter the Identity Provider Single Sign-On URL from Okta.

    2. IDP Certificate: Paste the Okta X.509 certificate.

  5. Optionally, upload the metadata.xml file from Okta by selecting Upload Metadata File and choosing the file.

  6. Click Activate SAML to enable SAML authentication.

  7. Click Save to finalize the configuration.

Assign Users to the Okta App

Steps 

To assign individual users to the Cyware SAML app in Okta, follow these steps:

  1. In the Okta Admin Console, go to Applications > Applications.

  2. Find and select the Cyware SAML app you created.

  3. In the app’s settings page, click on the Assignments tab.

  4. Click Assign > Assign to People to add individual users.

  5. Locate the user you want to assign, click Assign next to their name, and confirm their details if prompted.

  6. Click Save and Go Back to complete the assignment.

  7. Ensure that the assigned users are now listed under People in the app’s assignments tab.

Assign Values to your Custom Attributes

After configuring the Okta app, you can map custom attribute values to users.

Steps:

To map Okta users with custom attribute values, follow these steps.

  1. In the Okta Admin Console, go to Directory > People.

  2. Select the user to whom you want to assign custom attribute values.

  3. On the user’s profile page, go to the Profile section to view all available attributes, including the custom attributes you created.

  4. For each custom attribute (example, User Group Mapping), enter the required value based on your organization’s SAML configuration needs.

  5. Click Save to update the user’s profile with the new attribute values.