
Okta SAML

SAML SSO transfers the user’s identity from one place (the identity provider) to another (the service provider). The transfer is done through an exchange of digitally signed XML documents. Sectona PAM supports Okta SAML authentication for its users. This section covers the prerequisites, the Okta configuration, and the Sectona PAM configuration.

Before you begin

  • The user should have admin access to the Okta developer portal.

  • The user must also have admin access to Sectona PAM.

Configuring Okta SAML Authentication

To configure SAML authentication for Okta with a Sectona PAM instance, follow the steps below:

Configuring the Okta Developer Account

  • Log in to the Okta developer account as admin.

  • Go to Applications → Applications → Create New App.

  • Select “SAML 2.0” and then click Create.

  • Enter a suitable name for your app and press Enter.

  • Configure the following fields in the app and click Next:

    • SSO URL: the URL where your PAM is installed.

    • Entity ID: provide a unique string as your Entity ID. It gives your SAML app configuration a unique identity and avoids duplicate entries.

    • Name ID: select Email Address from the drop-down list.

    • Application username: select Email from the drop-down list.

  • Select the option that best describes your identity with Okta and click Finish.

  • You can then view and download the configuration metadata by clicking “Identity Provider Metadata.”

Adding Users in Okta

  • Go to Applications → Applications.

  • Click on the arrow beside your created app, then click on Assign to Users.

  • Click Add a user, fill in the required details, and click Save.

Configuring Sectona PAM for Okta SAML Authentication

  • Log in to Sectona PAM as admin and go to Configuration → AD & Directory Store → Add AD & Directory Store.

  • Fill in the following details:

    • Directory Name: provide a suitable name.

    • Authentication Type: select ‘Generic SAML’ from the drop-down list.

    • Directory Store Type: select ‘SAML’ from the drop-down list.

    • Issuer: provide the URL where your PAM is installed.

    • Logon URL: this comes from the metadata file, which contains two SingleSignOnService elements, one per binding. Copy the Location of the one whose Binding is HTTP-POST and paste it into this field.

    • Logon Binding: this is auto-filled in PAM.

    • Open your metadata file and copy the text inside the <ds:X509Certificate> tag (the identity provider’s signing certificate). Paste it into a text editor, save it as a .crt file, upload that file as the certificate file, and then click Save.

  • Go to Manage → User → Assign the created directory store to the user to complete the configuration.

To show the Logon with SAML option on the Sectona logon screen, go to System → System Defaults → User Logon Show SAML Option and set the config value to 1.
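As an added example (not Sectona’s or Okta’s own code), the following Python extracts the two values the steps above take from the downloaded metadata: the HTTP-POST SingleSignOnService Location for the Logon URL field, and the signing certificate for the .crt upload, wrapped as PEM and fingerprinted so the uploaded certificate can be compared with what the Okta admin console shows. The metadata document, hostnames, entity ID and certificate body are constructed stand-ins, not values from a real tenant.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed stand-in for the certificate body (a real export carries DER base64).
PLACEHOLDER_CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()
# Constructed sample in the shape of Okta's "Identity Provider Metadata" export. Hosts and
# IDs are invented; the two SSO Locations are kept distinct so the binding choice is visible.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/exkCONSTRUCTED">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{PLACEHOLDER_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.okta.com/app/constructed/sso/saml/redirect"/>
    <md:SingleSignOnService Binding="{HTTP_POST}"
      Location="https://idp.example.okta.com/app/constructed/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Return entityID, the HTTP-POST SSO Location (PAM's Logon URL) and the signing cert."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    # Only the HTTP-POST endpoint belongs in the Logon URL field, not the HTTP-Redirect one.
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == HTTP_POST]
    if len(post) != 1:
        raise ValueError(f"expected exactly one HTTP-POST SingleSignOnService, found {len(post)}")
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    return {"entity_id": root.get("entityID"), "sso_post_url": post[0],
            "cert_b64": "".join(cert.text.split())}  # Okta wraps the base64; rejoin it

def cert_to_pem(cert_b64):
    # PEM-wrapped body, the content to save as the .crt file; validate=True rejects a bad paste.
    base64.b64decode(cert_b64, validate=True)
    body = "\n".join(cert_b64[i:i + 64] for i in range(0, len(cert_b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def cert_fingerprint_sha256(cert_b64):
    # Colon-separated SHA-256 of the DER bytes, for comparison with the Okta admin console.
    der = base64.b64decode(cert_b64, validate=True)
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
```

Whether Sectona PAM also accepts the bare base64 body without the PEM header and footer is not stated on this page, so check the upload result either way.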
