Preface

This document describes the configuration required for SAML 2.0 integration between the Octopus Authenticator and the Okta SSO service.

Octopus Authenticator SAML 2.0 Service Configuration

  • Log in to the Octopus Authenticator Console
  • Select Services from the left pane
  • Select Add Service
  • Click Generic SAML service template

Tab 1 – General Information

The following fields and values are displayed:

| Field name | Field value |
| --- | --- |
| Service name | Okta |
| Issuer | Okta |
| Description | |
| Service status | Enable |
| Display icon | |
| Login page URL | https://<Enterprise Base URL>/generic-saml/<No.>/login |

 

Tab 2 – Parameters

The following fields and values are displayed:

| Field name | Field value |
| --- | --- |
| login | Login method for Octopus Authenticator server |
| Name ID | Okta login user name |
| Method | POST |
| ACS URL | Okta IdP’s Assertion Consumer Service URL |
| Audience | Okta IdP’s Audience URI |
| + Add parameter | Do not add any parameters |

 

Tab 3 – Sign On

The following fields and values are displayed:

| Field name | Field value |
| --- | --- |
| Multi Factor Authentication (MFA) | Off (default) |
| Sign-on Method | SAML 2.0 |
| X.509 Certificate | Octopus Authenticator Salesforce service’s X.509 Certificate |
| SAML signature algorithm | SHA-1 (default) |
| Single Sign On (SSO) | Off (default) |
| Issuer URL | http://<Enterprise base URL>/generic-saml/<No.> |
| SAML 2.0 Endpoint (HTTP) | http://<Enterprise base URL>/generic-saml/login |
| Custom message | |

Note: Secret Double Octopus recommends leaving the default field values as displayed.

 

Tab 4 – Users

To configure the users of the service:


    • Select users either from “Local Users” or “LDAP Users” lists
    • You can select either:
      • A group of users to import, by clicking on the dot next to one of the folders
      • An individual user to import, by clicking on the dot next to that user

The corresponding dot then turns blue. When only some of the users in a group are selected, the dot next to the group is partially colored.
After the settings are saved, the selected users are enrolled in the service.

  • Click “Save Settings”

 

Okta Identity Provider Prerequisites

Octopus Authenticator SAML Service Sign-On Details

To retrieve the Octopus Authenticator Okta SAML service’s details, log in to the Octopus Authenticator Management Console:

  • Select “Services” from the left pane
  • Edit the “Okta” Generic SAML service
  • At the “Sign On” tab, note the following values:
    • Issuer URL
    • SAML 2.0 Endpoint (HTTP)
    • X.509 certificate (cert.pem file)

 

Okta Identity Provider setup

  • Log in to your Okta Admin account
  • From the “Admin” menu → Under “Security” dropdown menu → Select “Identity Provider”
  • From the “Identity Providers” page → Click “+Add Identity Provider” dropdown menu → Select “Add SAML 2.0 IdP”
  • Identity Provider General Settings:
    • Name: Octopus Authenticator
    • Protocol: SAML 2
  • Identity Provider Authentication Settings:
    • IdP Username: idpuser.subjectNameId (Default value)
    • Match against: Email or any other option as required
  • Scroll down for SAML Protocol Settings…

  • Identity Provider SAML Protocol Settings:
    • IdP Issuer URI: Octopus Authenticator Okta SAML 2.0 Service Sign-On’s Issuer URL
    • IdP Single Sign-On URL: Octopus Authenticator Okta SAML 2.0 Service Sign-On’s SAML 2.0 Endpoint (HTTP)
    • IdP Signature Certificate: Octopus Authenticator Okta SAML 2.0 Service Sign-On’s X.509 certificate (cert.pem) file
  • Click “Show Advanced Settings”
    • Request Binding: HTTP POST
    • Request Signature: Uncheck box
    • Response Signature Verification: Assertion
    • Response Signature Algorithm: SHA-1
  • Destination: Octopus Authenticator Okta SAML 2.0 Service Sign-On’s SAML 2.0 Endpoint (HTTP)
  • Click “Create/Update Identity Provider”
  • Identity Provider Summary:

 

Octopus Authenticator Okta Service Parameters’ Setup

To complete the Octopus Authenticator Okta SAML service integration, log in to the Octopus Authenticator Management Console:

  • Select “Services” from the left pane
  • Select the “Okta” service
  • Go to “Parameters” tab:
  • Set the “ACS URL” value to the Okta IdP’s “Assertion Consumer Service URL” value
  • Set the “Audience” value to the Okta IdP’s “Audience URI” value
  • Click “Save Settings”
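
The setup above only works when four values agree on both sides: the Issuer URL, the ACS URL, the Audience URI and the signature algorithm. The following is an added example, not part of the vendor's documentation: a Python check that compares a captured, base64-encoded SAMLResponse against the configured values. The function name `check_response`, the host names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_response(b64_response, issuer_url, acs_url, audience_uri, sig_alg="sha1"):
    """List mismatches between a captured SAMLResponse and the configured values.
    Compares fields only; it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["Response contains no plaintext Assertion"]
    problems = []
    issuer = (assertion.findtext("saml:Issuer", "", NS) or "").strip()
    if issuer != issuer_url:
        problems.append(f"Issuer {issuer!r} does not match IdP Issuer URI")
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} does not match ACS URL")
    audiences = [(a.text or "").strip() for a in assertion.iterfind(".//saml:Audience", NS)]
    if audience_uri not in audiences:
        problems.append(f"Audience {audiences} does not include Audience URI")
    # "Response Signature Verification: Assertion" expects the signature inside the Assertion.
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("Assertion is not signed")
    elif not method.get("Algorithm", "").endswith("-" + sig_alg):
        problems.append(f"Signature algorithm {method.get('Algorithm')} is not {sig_alg}")
    return problems

# Constructed sample response (placeholder hosts, signature value omitted).
SAMPLE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://sp.example.test/acs">
 <saml:Assertion>
  <saml:Issuer>http://idp.example.test/generic-saml/1</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sp.example.test/audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>""")

if __name__ == "__main__":
    print(check_response(SAMPLE, "http://idp.example.test/generic-saml/1",
                         "https://sp.example.test/acs", "https://sp.example.test/audience"))
```

An empty list means the four fields line up with the configuration; each entry otherwise names the field to recheck in the “Parameters” or “Sign On” tab or in the Okta IdP settings.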