Configuring Okta

Okta is a standards-compliant OAuth 2.0 authorization server that provides cloud identity solutions for your organization, and a single sign-on provider that makes it easy to manage access to your Cloud App Security account.

This section describes how to configure Okta as a SAML (2.0) identity provider for Cloud App Security to use.

Before you begin configuring Okta, make sure that:

  • You have a valid subscription with Okta that handles the sign-in process and eventually provides the authentication credentials to the Cloud App Security management console.

  • You are logged on to the management console as a Cloud App Security global administrator. For details, see Administrator and Role.

  1. Log in to your Okta organization as a user with administrative privileges.
  2. Click Admin in the upper right, and then navigate to Applications > Applications.
  3. Click Add Application, and then click Create New App.

    The Create a New Application Integration screen appears.

  4. Select Web as the Platform and SAML 2.0 as the Sign on method, and then click Create.
  5. On the General Settings screen, type a name for Cloud App Security in App name, for example, Cloud App Security, and click Next.
  6. On the Configure SAML screen, specify the following:
    1. Type the Cloud App Security logon URL in Single sign on URL based on your serving site.

      For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, type https://admin-eu.tmcas.trendmicro.com/ssoLogin in Single sign on URL.

    2. Select Use this for Recipient URL and Destination URL.
    3. Specify the Audience URI in Audience URI (SP Entity ID), which is the Cloud App Security logon URL of your serving site.

      For example, if the URL of your Cloud App Security management console in the address bar is "https://admin-eu.tmcas.trendmicro.com" after logon, the Audience URI is https://admin-eu.tmcas.trendmicro.com.

    4. Select EmailAddress in Name ID format.
    5. Select Okta username in Application username.
    6. Click Next.
  7. On the Feedback screen, click I'm an Okta customer adding an internal app, select This is an internal app that we have created, and then click Finish.

    The Sign On tab of your newly created Cloud App Security application appears.

  8. Click View Setup Instructions, and record the URL in Identity Provider Single Sign-On URL and the certificate content in X.509 Certificate.
  9. Assign the application to people.
    1. Select Directory > People.
    2. Click the user that you want to assign the application to, and then click Assign Applications.

      The Assign Applications screen appears.

    3. Locate Cloud App Security you added and click Assign.
    4. Verify the user name and click Save and Go Back.
    5. Confirm that the application is assigned to this user.
    6. Repeat the above steps to assign the application to more users as necessary.

    You are now ready to configure Okta for single sign-on and add these users as administrators in the Cloud App Security management console.

Parent topic: Single Sign-On