
Okta Single Sign-On Integration with SAML

This document is for:
Invicti Platform

Okta is an identity and access management platform. Its Single Sign-On (SSO) solution allows users to log in to a variety of systems through one centralized authentication process.

This document explains how to configure Okta and Invicti Platform for Single Sign-On.

How to configure Okta with SAML

There are two steps in this process:

Step 1: Add an application to Okta

  1. Navigate to Okta’s Admin Console, then select Applications > Applications from the left-side menu.
  2. Click Create App Integration.
  3. From the Create a new app integration dialog, select SAML 2.0. Then click Next.

Creating SAML 2.0 app integration in Okta.

  4. On the Create SAML Integration page, enter a name in the App name field. We use Invicti for this example.
  5. Click Next.
  6. In a new browser tab, log in to Invicti Platform and select Settings > Security & Access Control > SSO.
  7. Turn on the Enable SSO toggle.
  8. Select Okta from the SSO Provider dropdown list.
  9. Copy Invicti’s SAML 2.0 Service URL and paste it into Okta’s Single Sign-on URL field. This is the endpoint to which Okta will POST its SAML responses.
  10. Return to the Invicti browser tab and copy the Identifier URL. Paste it into Okta’s Audience URI (SP Entity ID) field. The two values must match exactly, including scheme and any trailing slash, because the Audience in each assertion is compared against it.

Okta SSO integration in Invicti Platform.

  11. In the Okta tab, under Attribute Statements, add an attribute named FirstName and select user.firstName from the Value dropdown.

Configuration of attribute statements in Okta.

  12. Click Next to view the Feedback tab.
  13. Click Finish. Okta displays the Invicti application’s details.
  14. In the Sign On tab, click View SAML setup instructions. Okta opens a new browser tab.
  15. From the new tab, copy the Identity Provider Issuer value and paste it into Invicti’s IdP Identifier field.
  16. In the same Okta tab, copy the Identity Provider Single Sign-On URL and paste it into Invicti’s SAML 2.0 Endpoint field.
  17. In the Okta tab, copy the contents of the X.509 Certificate field. Then switch to the Invicti tab and paste the certificate text (not a URL) into the X.509 Certificate field. This is the certificate Invicti uses to verify Okta’s signatures on SAML responses, so it must be the signing certificate shown here.

Configuration of SAML 2.0 Endpoint, IdP Identifier, X.509 Certificate in

  18. In Invicti, select the checkboxes to require signed assertions, require encrypted assertions, or sign requests, as needed. Signed assertions are verified against the X.509 certificate you pasted in the previous step.

Additional security options in Invicti Platform including assertions and sign requests.

Selecting Require encrypted assertions requires additional settings in Okta. For instructions, refer to Configure encrypted assertions in Okta.

  19. If you enable any of these options, a new section appears where you can Generate a new certificate or upload an existing one. This is Invicti’s own certificate; Okta needs it, for example, to encrypt assertions for Invicti.

Setup of additional security certificate in Invicti Platform.

  20. Use Invicti’s SSO Exemptions dropdown to select users who can still log in to Invicti with a password. Keep this list to the minimum needed for break-glass access, since exempted accounts bypass Okta’s authentication policies.

SSO Exemptions dropdown in Invicti Platform.

  21. Click Save.
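The three values copied into Invicti’s IdP Identifier, SAML 2.0 Endpoint and X.509 Certificate fields are the error-prone part of this procedure: they are copied by hand between two consoles, and a URL pasted into the certificate field is an easy mistake. Okta also publishes the same information as a SAML 2.0 IdP metadata XML document for the app. The script below is an added example, not Invicti’s or Okta’s own code: it extracts the three values from such a metadata document, prints the certificate as PEM with its SHA-256 fingerprint so you can confirm what you pasted matches, and rejects a pasted value that is not a certificate at all. The entityID, the URLs and the certificate bytes in the sample are constructed placeholders, and the metadata layout is assumed to be the standard one (an md:EntityDescriptor containing one md:IDPSSODescriptor).

```python
"""Extract Invicti's three IdP settings from Okta SAML IdP metadata and
sanity-check the certificate. Added example; all sample values are
constructed placeholders, not real Okta data."""
import base64
import binascii
import hashlib
import re
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder bytes: NOT a real DER certificate, only here so the
# Base64 handling and fingerprinting below have something to run on.
FAKE_DER = b"constructed placeholder - not a real DER-encoded certificate"
FAKE_CERT_B64 = base64.b64encode(FAKE_DER).decode("ascii")

# Constructed sample shaped like the IdP metadata Okta publishes for an app.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exk0000000000000000">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
            CERT_B64_PLACEHOLDER
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example_invicti_1/exk0000000000000000/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/example_invicti_1/exk0000000000000000/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
""".replace("CERT_B64_PLACEHOLDER", FAKE_CERT_B64)


def normalize_certificate(text: str) -> str:
    """Accept a certificate pasted as PEM or as a bare Base64 blob and return
    the Base64 body without headers or whitespace. Raises ValueError for
    anything that is not Base64, e.g. a URL pasted by mistake."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = "".join(body.split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not a Base64 certificate blob: {exc}") from exc
    if not der:
        raise ValueError("empty certificate")
    return body


def certificates_match(pasted: str, reference: str) -> bool:
    """True if both texts carry the same certificate bytes regardless of PEM
    headers or line wrapping; False if either is not a certificate at all."""
    try:
        return normalize_certificate(pasted) == normalize_certificate(reference)
    except ValueError:
        return False


def to_pem(cert_b64: str) -> str:
    """Wrap a bare Base64 body as a PEM block (64-character lines)."""
    lines = textwrap.wrap(cert_b64, 64)
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----"


def sha256_fingerprint(cert_b64: str) -> str:
    """Colon-separated SHA-256 fingerprint of the certificate's DER bytes."""
    digest = hashlib.sha256(base64.b64decode(cert_b64)).digest()
    return ":".join(f"{b:02X}" for b in digest)


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return the values for Invicti's IdP Identifier, SAML 2.0 Endpoint and
    X.509 Certificate fields from an Okta-style IdP metadata document."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    # SAML 2.0 Endpoint: Okta POSTs the response to Invicti, so prefer the
    # HTTP-POST binding over HTTP-Redirect.
    endpoint = None
    for svc in idp.findall("md:SingleSignOnService", NS):
        if svc.get("Binding") == HTTP_POST:
            endpoint = svc.get("Location")
            break
    if endpoint is None:
        raise ValueError("no HTTP-POST SingleSignOnService")

    # X.509 Certificate: only keys marked use="signing" (or unmarked, which
    # means both uses) verify Okta's signatures; an encryption-only key would not.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            el = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if el is not None and el.text:
                certs.append(normalize_certificate(el.text))
    if not certs:
        raise ValueError("no signing certificate in metadata")

    return {
        "idp_identifier": root.get("entityID"),
        "saml_endpoint": endpoint,
        "x509_certificate_b64": certs[0],
        "x509_certificate_pem": to_pem(certs[0]),
        "sha256_fingerprint": sha256_fingerprint(certs[0]),
        "signing_certificate_count": len(certs),  # more than 1 during key rotation
    }


if __name__ == "__main__":
    s = extract_idp_settings(SAMPLE_METADATA)
    print("IdP Identifier:   ", s["idp_identifier"])
    print("SAML 2.0 Endpoint:", s["saml_endpoint"])
    print("Cert SHA-256:     ", s["sha256_fingerprint"])
    print(s["x509_certificate_pem"])
    # The URL-instead-of-certificate mistake is caught rather than silently saved.
    print("URL accepted as certificate?", certificates_match(s["saml_endpoint"], s["x509_certificate_b64"]))
```

Run it against the real metadata for your app and compare the printed fingerprint with the certificate Invicti shows after you save; if signing_certificate_count is greater than one, Okta is in the middle of a key rotation and you must paste the key Okta currently signs with.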

Configure encrypted assertions in Okta

  1. From Okta’s main menu, go to Applications > Invicti.
  2. Select the General tab and scroll down to the SAML Settings section. Click Edit.
  3. Click Next, then Show Advanced Settings.
  4. Use the dropdown next to Assertion Encryption to select Encrypted.
  5. Click Browse Files next to Encryption Certificate and upload the certificate you generated or uploaded in Invicti. Okta encrypts assertions to this certificate, so it must be the one Invicti holds the private key for.

Configuring assertion encryption in Okta.

Step 2: Add users to the application in Okta

  1. Select Directory > People from the left-side menu in Okta.
  2. Click the Add Person button to open a form.
  3. Fill out the form.
  4. Click Save.
  5. Select Applications > Applications from the left-side menu.
  6. Select Invicti from the list.
  7. In the Assignments tab, click Assign > Assign to People.
  8. From the Assign Invicti to People dialog, select Assign next to the person you want to add.
  9. Select Save and Go Back.
  10. Click Done.

Your assigned users can now log in to Invicti via Okta.
