Connecting SSO with Okta

This guide covers the process of connecting the Okta service as an identity provider to Wallarm, which acts as the service provider.

To complete the steps, you need accounts with administration rights for both Wallarm and Okta.

Step 1 (Wallarm): Activate SSO service

By default, the SSO service for authentication in Wallarm is not active, and the corresponding blocks are not visible in the Integrations section of Wallarm Console.

To activate the SSO service, contact the Wallarm support team.

Step 2 (Wallarm): Generate metadata

You need Wallarm metadata to enter on the Okta side:

  1. In Wallarm Console, go to Integrations → SSO SAML AUTHENTICATION and initiate the Okta SSO configuration.

  2. In the SSO configuration wizard, at the Send details step, review the Wallarm metadata that should be passed to the Okta service.

    • Wallarm Entity ID is a unique application identifier generated by the Wallarm application for the identity provider.
    • Assertion Consumer Service URL (ACS URL) is the address on the Wallarm side to which the identity provider sends requests with the SamlResponse parameter.
  3. Copy the metadata or save it as XML.

Step 3 (Okta): Configure application

To configure the application in Okta:

  1. Log in to Okta as an administrator.

  2. Click Administrator → Dashboard → Add Applications.

  3. Click Create New App.

  4. Set:

    • Platform → “Web”.
    • Sign‑on method → “SAML 2.0”.
  5. Proceed and, in the Create SAML Integration wizard, set general integration settings, such as App Name and, optionally, App logo.

  6. Proceed and enter the Wallarm metadata. Required fields:

    • Single sign‑on URL = Assertion Consumer Service URL (ACS URL) in Wallarm.
    • Audience URI (SP Entity ID) = Wallarm Entity ID in Wallarm.

  7. Optionally, set other parameters described in the Okta documentation.

  8. Proceed and set Are you a customer or partner to "I'm an Okta customer adding an internal app".

  9. Optionally, set other parameters.

  10. Click Finish. You will be redirected to the page of the created application.

  11. To get the Okta metadata, go to the Sign On tab and do one of the following:

    • Click Identity Provider metadata and save the displayed data as XML.
    • Click View Setup instructions and copy the displayed data.
  12. Provide Okta users with access to the created application by going to Administrator → Dashboard → Assign Applications and assigning users to the application.

Step 4 (Okta): Configure provisioning

Provisioning is the automatic transfer of data from the SAML SSO solution (Okta) to Wallarm: your Okta users and their group membership define access to Wallarm and the permissions there; all user management is performed on the Okta side.

For this to work, provide the attribute mapping:

  1. In the Okta application, map:

    • email
    • first_name
    • last_name
    • user group(s) to wallarm_role:[role] where role is:

      • admin (Administrator)
      • analytic (Analyst)
      • api_developer (API Developer)
      • auditor (Read Only)
      • partner_admin (Global Administrator)
      • partner_analytic (Global Analyst)
      • partner_auditor (Global Read Only)

        See all role descriptions here.

  2. Save the changes.

Step 5 (Wallarm): Enter Okta metadata

  1. In Wallarm Console, in the SSO configuration wizard, proceed to the Upload metadata step.

  2. Do one of the following:

    • Upload Okta metadata as an XML file.
    • Enter metadata manually as follows:

      • Identity Provider Single Sign‑On URL → Identity provider SSO URL.
      • Identity Provider Issuer → Identity provider issuer.
      • X.509 Certificate → X.509 Certificate field.

  3. Complete the SSO configuration wizard. Wallarm will test whether data can now be transferred to and from your Okta.