1.0 Introduction
This article describes how to integrate Fortanix Data Security Manager (DSM) Single Sign-On (SSO) with Okta using SAML 2.0.
2.0 Prerequisites
Ensure that you have the following:
- An Okta administrator account to configure the SSO using SAML 2.0.
- A Fortanix DSM administrator account for SSO configuration.
3.0 Configure Okta SSO
Perform the following steps to configure Okta as the SSO authentication method in Fortanix DSM:
1. Log in to the Okta admin console.
   Figure 1: Log in to Okta
2. Click the Applications tab.
   Figure 2: Applications tab
3. Click the Create New App button to create a SAML application.
   Figure 3: Create new app
4. In the Create a New Application Integration window, do the following:
   a. Platform: Select Web.
   b. Sign on method: Select SAML 2.0.
   c. Click Create to create the application.
   Figure 4: Create app
5. In the General Settings tab, fill in the details as shown below:
   NOTE: You can choose a different name and logo based on your requirements.
   Figure 5: Create SAML integration
6. Click Next to configure SAML.
7. On the SAML Settings page, enter the Single sign on URL and Audience URI (SP Entity ID). Make sure to set Name ID format to EmailAddress and Application username to Email.
   Figure 6: SAML Settings
8. On the SAML Settings page, scroll down and click Next.
   Figure 7: Finalize SAML Settings
9. In the Are you a customer or partner? field, select the option I’m a software vendor. I’d like to integrate my app with Okta, and click Finish.
   Figure 8: Finish SAML integration
10. The application is now onboarded and displayed on the Okta Applications dashboard.
   Figure 9: Application onboarded
11. Click the application “Fortanix” and go to the Assignments tab. In this step, you assign the application “Fortanix” to the SSO user who will log in to Fortanix DSM.
   NOTE: Make sure you have added the SSO user to the identity source.
   Figure 10: Assign app to Okta
12. Click the Sign On tab on the same page and click View Setup Instructions as shown below.
   Figure 11: View setup instructions
13. On the instructions page, note down the SSO URL and copy the IDP metadata to a notepad.
   Figure 12: Copy IDP metadata
4.0 Configure Okta SSO in Fortanix DSM
Perform the following steps to integrate Fortanix DSM with Okta using SAML configuration:
1. Log in to Fortanix DSM using the URL: https://<FORTANIX_DSM_URL>/.
2. In the Fortanix DSM user interface (UI), navigate to Settings → AUTHENTICATION tab, and select SINGLE SIGN-ON as the authentication method.
3. Click ADD SAML INTEGRATION to add a new SAML integration.
   Figure 13: Select SSO
4. On the Add SAML Integration page, do the following:
   a. Click UPLOAD A FILE to browse and upload the SAML file downloaded in Step 13 of Section 3.0: Configure Okta SSO.
   Figure 14: Upload SAML metadata
   b. Customize the SSO by adding a name in the SSO Title field and a URL for the logo image in the Logo URL field.
   c. Click ADD INTEGRATION.
   Figure 15: Customize SSO
After successfully integrating with Okta SSO, Fortanix DSM displays the configured SSO below:
Figure 16: Ping Identity configured
5.0 Test the Integration
Perform the following steps to verify the SSO integration:
1. Log out of Fortanix DSM to sign in using SSO.
2. Open a new incognito browser window and enter the Okta SSO URL.
3. Enter the SSO user credentials to log in.
   Figure 17: Log in to SSO
4. On the Fortanix DSM Login screen, click LOG IN WITH OKTA_SSO to log in using the newly added SSO configuration.
   Figure 18: Log in using Okta SSO
You will now be automatically logged in to Fortanix DSM and reach the Fortanix DSM accounts page.