SAML SSO with Okta

Before creating the SAML application in Okta, you will need to obtain Infosec IQ’s Metadata and ACS URLs. To do so:

  1. Log in to Infosec IQ
  2. Navigate to the settings gear in the top right corner and select Learner Authentication (SSO)
  3. In the Single sign-on section, select setup
  4. Do not adjust any of the settings and click save in the bottom right-hand corner. This will expose the SP Metadata, Entity ID, and ACS URLs for your organization. You will need these URLs to perform the below configuration steps.

To create the SAML app in Okta, please follow the below steps:

  1. Sign in to the Okta Admin account
  2. Select Applications
  3. Click Create App Integration
  4. Select SAML 2.0 as the sign in method.
  5. For General Settings
    • App Name: Infosec IQ
    • App Logo: Contact your Client Success Manager for a copy of the Infosec IQ logo, or leave blank
  6. Click Next
  7. Configure the following SAML settings; everything else can be left as is:
    • Single sign on URL: Paste the SP Assertion Consumer Service URL previously obtained
    • Audience URI: Paste the SP Entity ID previously obtained
    • Name ID format: Select EmailAddress from drop-down menu
    • Application Username: Select Email from the drop-down menu
    • Update application username on: Select Create and Update from the drop-down menu
  8. Click Next, then select “I’m an Okta customer adding an internal app” and click Finish
  9. Click on the Assignments tab, and add the people or groups you want to have access to the Infosec IQ training
  10. Navigate back to the Sign on tab, and click on the blue Copy button underneath the Metadata URL section.

For the next part we’ll navigate back to Infosec Accounts to finish setting up the authentication method and test it to make sure everything is working okay.

  1. Navigate to your Infosec Accounts page where the SP metadata and ACS URLs were obtained. If you have left the page, log in to Infosec IQ, hover over the settings gear in the top-right corner and select Learner Authentication (SSO)
  2. Expand the Actions menu on the SAML configuration that was started and select edit
  3. Select the URL option under the IdP Metadata section and paste the metadata link you copied from the Okta application.
  4. (optional) If you are planning on having your learners access the training from the Infosec IQ chiclet in Okta, make sure the IDP Initiated SSO toggle is enabled
  5. Select Save
  6. Once saved, you can perform a test by expanding the Actions dropdown menu and clicking test. Follow the prompts on the screen to complete the test. If your test isn’t successful, please contact support for further assistance.
  7. After the test is successful, the SSO configuration will be active for all users

Initiating Training through Infosec IQ

When creating an AwareEd campaign, you will need to ensure that you have learner authentication enabled before scheduling. To do so:
  1. Inside the campaign creator (AwareEd > Campaigns > New Campaigns), scroll down to the bottom
  2. Locate the Learner Authentication section underneath Schedule
  3. To enable Learner Authentication for that campaign, check the box

Initiate Training through Okta (Chiclet on Dashboard):

If you would like your employees to access their training from their Okta Dashboard, follow the below steps:
  1. Confirm that the IDP initiated toggle is enabled for your Organization on your Infosec Accounts page
  2. Once confirmed, launch an AwareEd campaign.
  3. After you have launched the campaign, your employees will now be able to access their training using the Chiclet on the Okta Dashboard.

Note: You may want to disable the campaign notifications and send out a separate email.
Please work with your CSM on best practices.