Configure Single Sign-On (SSO)

Note: The following information is specific to the single sign-on vendor Okta (SAML 2.0). Single sign-on procedures for other vendors may vary.

Perform the following steps to configure Single Sign-On (SSO).

To set up Okta (SAML 2.0) to use as a single sign-on (SSO) with Software Vulnerability Manager:

1. Sign in to Okta.
2. Create an admin account.
3. Click Create New App to create a new Okta SSO app.

4. Choose Web for the Platform and SAML 2.0 for the Sign on method. Then click Create.

5. Enter an App name (Example: SVM) and App logo. Then click Next.

Note: The username must be in email format.

6. Copy the following values from the Software Vulnerability Manager Configuration > Settings fields and paste them into the corresponding Okta SAML Settings fields:
   - Single Sign On URL (the same value is used for the Recipient URL and Destination URL) into Single sign on URL and Audience URL (SP Entity ID)
   - Select EmailAddress for Name ID format
   - Account Key into the accountKey Value

   Complete the remaining Okta SAML Settings > Attribute Statements (Optional) Name and Value fields, choosing each value from the field's drop-down list:
   - firstName
   - lastName
   - email
   - username

7. On the Create SAML Integration - Step 3 Feedback screen, select I'm an Okta customer adding an internal app (if it is not already selected).

8. At the Okta Sign On Settings screen, click the Identity Provider metadata link.

9. Copy the Identity Provider metadata URL from Okta. Log in as the partition admin, browse to Configuration > Settings > Service Provider Configuration, and check SSO Enabled. Select Identity Provider metadata URL and paste the copied IdP metadata URL into the text box. Select the Automatically create new user check box and select the template user from the combo box.

Note: Single Sign-On settings can be updated only by the partition admin.

Note: Binaries such as the Daemon, the sc2012 plugin and the Client Toolkit log in only with standard login credentials. If Disable standard login is selected, these binaries can log in only with the partition administrator's credentials.

Note: For a secure connection, the Assertions Signed setting (or a similarly named setting) should be enabled on your IdP, so that Software Vulnerability Manager can verify that each assertion was issued by your IdP and was not altered in transit.

10. To disable the standard login options for all of your users (except root), select the Disable standard login option.

Important: Before selecting this option, make sure that SSO is working correctly, to prevent user lockout.

11. Click Save Service Configuration on the Configuration > Settings page.
12. Add Software Vulnerability Manager users to the Okta SSO account.

13. Assign Software Vulnerability Manager users to the Okta SSO app.

14. Users can log in to Okta by entering valid credentials and then clicking the SVM 2020 app to access the application.

15. Users are then logged in to the Software Vulnerability Manager Login page.

Important: For security purposes, Software Vulnerability Manager has a session timeout that logs you off after 2 hours of inactivity.