Using Fortanix Data Security Manager SSO with Okta

Introduction

This article describes how to integrate Fortanix Data Security Manager (DSM) Single Sign On (SSO) using SAML 2.0 with Okta.

Prerequisites

• Okta admin account to configure the SSO using SAML 2.0.
• Fortanix DSM admin account for SSO configuration.

SSO Configuration on Okta

1. Log in to the Okta admin console.
   Figure 1: Log in to Okta
2. Click the Applications tab.
   Figure 2: Applications tab
3. Click the Create New App button to create a SAML application.
   Figure 3: Create new app
4. In the Create a New Application Integration window, select the following:
   1. Platform: “Web”
   2. Sign on method: “SAML 2.0”
   Click Create to create the application.
   Figure 4: Create app
5. In the General Settings tab, fill the details as below:
   NOTE

   You can choose a different name and logo based on your need.
   
   Figure 5: Create SAML integration
6. Click Next to Configure SAML.
7. In this SAML settings page, you need to provide the Single sign on URL and Service Provider (SP) Entity ID as below. It is important to choose the Name ID format to “EmailAddress” and Application username to “Email”.
   Figure 6: SAML Settings
8. On the SAML Settings page, scroll down and click the Next button.
   Figure 7: Finalize SAML Settings
9. In the Are you a customer or partner? Field select the option as below and click Finish.
   Figure 8: Finish SAML integration
10. You can see your application is onboarded and displayed on the Okta Application dashboard.
    Figure 9: Application onboarded
11. Click the application “Fortanix” and go to the Assignments tab. In this step we are assigning the application “Fortanix” to the SSO user who will log in to Fortanix DSM.
    NOTE

    Make sure you have added the SSO user to identity source.
    
    Figure 10: Assign app to Okta
12. Click the Sign On tab on the same page and click the View Setup Instructions as shown below.
    Figure 11: View setup instructions
13. On the View Setup Instruction page, note down the SSO URL and copy the IDP metadata to a notepad.
    Figure 12: Copy IDP metadata

Configuration on Fortanix Data Security Manager

1. Log in to Fortanix DSM admin console.
   Figure 13: Log in to Fortanix  DSM
2. Click the Settings tab in the left panel.
   Figure 14: Settings
3. On the Fortanix DSM Settings page, click the AUTHENTICATION tab and choose the SINGLE SIGN-ON option.
   Figure 15: Authentication - Single sign on
4. Click the  ADD SAML INTEGRATION to add a new SAML integration.
   Paste the IDP metadata for the SP in the textbox which we copied in Step 13 of the previous section. Enter an SSO Title and Logo URL.
   NOTE

   Choose a logo based on your need.
   
   Figure 16: Add SAML integration
5. Click ADD INTEGRATION.
6. Now your SSO integration is completed.
   Figure 17: SSO integration complete

Test the Integration

1. Open a new incognito browser and use the SSO URL to log in to SSO.
   Figure 18: Log in to SSO
2. Log in to SSO using the SSO user credentials.
   Figure 19: Log in to SSO
3. Log in to Fortanix DSM using the SSO username.
   Figure 20: Log in to Fortanix DSM
4. Click the SSO title “OKTASSO” which is the new SSO log in mechanism that we added.
   Figure 21: Log in using Okta SSO
5. You will now be automatically logged into Fortanix DSM account.
   Figure 22: Login successful