The following values are used as demonstration values in this guide:
- WallarmApp as a value for the App name parameter (in Okta).
- https://sso.online.wallarm.com/acs as a value for the Single sign-on URL parameter (in Okta).
- https://sso.online.wallarm.com/entity-id as a value for the Audience URI parameter (in Okta).
Ensure that you replace the sample values for the Single sign-on URL and Audience URI parameters with the real ones obtained in the previous step.
Log in to the Okta service (the account must have administrator rights) and click on the Administrator button in the upper right.
In the Dashboard section, click the Add Applications button on the right.
In the new application section, click the Create New App button on the right.
In the pop-up window, set the following options:
- Platform → “Web”.
- Sign-on method → “SAML 2.0”.
Click the Create button.
After that you will be taken to the SAML integration wizard (Create SAML Integration). To create and configure SAML integration you will be prompted to complete three stages:
After that, the metadata needs to be downloaded for the newly created integration.
Enter the name of the application you are creating in the App Name field.
Optionally, you can upload the logo of the application (App logo) and configure application visibility for your users on the Okta homepage and in the Okta mobile application.
Click the Next button.
At this stage you will need the parameters generated earlier on the Wallarm side:
- Wallarm Entity ID
- Assertion Consumer Service URL (ACS URL)
This manual describes only the mandatory parameters to be filled in when configuring SSO with Okta.
To learn more about the rest of the parameters (including those related to the digital signature and SAML message encryption settings), please refer to the Okta documentation.
Fill in the following basic parameters:
- Single sign-on URL—enter the Assertion Consumer Service URL (ACS URL) value previously obtained on the Wallarm side.
- Audience URI (SP Entity ID)—enter the value of the Wallarm Entity ID received earlier on the Wallarm side.
The remaining parameters for the initial setup can be left as default.
Click Next to continue the setup. If you want to return to the previous step, click Previous.
At this stage, you are asked to provide Okta with additional information about the type of your application, whether you are an Okta customer or partner, and other data. It is enough to choose “I'm an Okta customer adding an internal app” for the parameter Are you a customer or partner?
If required, fill in other available parameters.
After that, you can finish the SAML integration wizard by clicking the Finish button. To go to the previous step, click the Previous button.
After this stage, you will be taken to the settings page of the created application.
The metadata is a set of parameters describing the identity provider's properties (such as those generated for the service provider in Step 1) required to configure SSO.
You can download the metadata either as an XML file or “as is” in text form (you will need to enter the metadata manually when configuring it further).
To download as an XML file:
Click the Identity Provider metadata link on the settings page of the created application.
As a result, a new tab opens in your browser with the metadata XML.
Save the content to an XML file (with your browser or other suitable method).
To download the metadata “as is”:
On the settings page of the created application, click the View Setup instructions button.
Copy all the given data.
Now you can continue configuring the SSO on the Wallarm side.