Configuring SAML Authentication with Okta

1. Access https://www.okta.com/ and create a trial account.

2. Log in to your Okta account, create a domain when prompted. For example: sonicwallsk.okta.com.

   

3. To add SMA application to your Okta account:
   1. Login to Okta account with proper credentials.
   2. Click Admin at the upper-right corner of the page.

   3. Click Add App under Use single sign on.

      

   4. Click Create New App to create a new app.

      

   5. In the dialog, select SAML 2.0, and then click Create.

   6. In General Settings, enter “SMA100 VPN” (Just an example) in the App name box, and then click Next.

      

   7. In Configure SAML, under SAML Settings, paste the URL: https://{appliance ‘s IP address or Hostname}/ api /v1/logon/saml2ssoconsumer in Single sign on URL, Recipient URL, Destination URL and Audience Restriction (SP Entity ID) fields.

      

   8. In the Attribute Statements section, add three attribute statements:
      1. FirstName set to “user.firstName”
      2. LastName set to “user.lastName”

      3. Email set to “user.email”

         

   9. Click Next to continue.
   10. In Feedback, select I’m an Okta customer adding an internal app, and This is an internal app that we have created, and then click Finish.

   11. The Sign On section of created “SMA100 VPN” application appears. Keep this page open in a separate tab or browser window. You need to return to this page and copy the “Identity Provider metadata” link later. (To copy that link, right-click on the Identity Provider metadata link and select Copy).

       

   12. Click View setup Instructions and download the certificate. (This information is required while configuring authentication server in SMA100 appliance).

       

   13. Right-click on the Assignments section of the “SMA100 VPN” application and select Open Link in New Tab (so that you can come back to the Sign On section later).

   14. In the new tab that opens, click Assign and select Assign to People.

       

4. To configure SAML on your SMA appliance:

   1. Upload Okta SAML certificate in the SMA 100 appliance on system > certificates page.

      

   2. Create a SAML domain with data of Okta IDP:

      • Give any valid name like “SAML OKTA”.
      • Server ID is Identity Provider Issuer value present in Okta.

      • Authentication service URL is Identity Provider Single Sign-On URL value present in Okta.

        

      You can now proceed with authentication from Virtual Office portal and NetExtender. When you select Okta domain in the login page, you are redirected to the Okta login page, and after providing correct credentials, the authentication is successful.