Okta

Configure Okta as an Identity Provider for CISO Assistant

Go into your Okta admin console (it should look like this: https://<your_url>.okta.com/admin/dashboard)

1. In the sidebar menu, click on Applications > Applications

   
2. Click now on Create App Integration

   
3. Select SAML 2.0 and click on Next

   
4. Choose an App name and click on Next

   
5. Add the Single sign-on URL: <base_url>/api/accounts/saml/0/acs/ (for example with localhost: https://localhost:8443/api/accounts/saml/0/acs/) (see screenshot below)

6. Add the Audience URI (SP Entity ID), it has to be the same than SP Entity ID in CISO Assistant (see screenshot below)

7. Choose Email as the Application username

   
8. Add Attribute Statements

   • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname for user's first name

   • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname for user's last name

   
9. Click on Next and fill in the Feedback page as you wish then click on Finish

   

   
10. In the Settings box inside SAML 2.0:

    • Copy the Metadata URL and paste it into the Metadata URL field in CISO Assistant

    • Copy the Issuer url and paste it into the IdP Entity ID field in CISO Assistant

    
11. Go to the Assignments tab

    
12. Click on Assign and choose whether you want to assign users or specific groups

    

Add a user in your application doesn't automatically create the user on CISO Assistant

You can now configure CISO Assistant with the 3 parameters you've retrieved.