Browse Docs
ONLINE DOCUMENTATION

Okta Integration

Tip
 This document explains how to configure Single Sign-On (SSO) using OpenID Connect (OIDC) with Okta. If you need to synchronize user group memberships or assign administrative privileges based on group information, you must use the SAML SSO configuration workflow in DefensX. In that case, please refer to the SAML SSO Configuration article.

Configuring Okta Integration

Configuring Okta integration with DefensX requires 2 basic steps:

  • Create an OIDC - OpenID Connect application on Okta

  • Update the Okta integration settings in DefensX Backend

Creating OIDC - OpenID Connect Application on Okta

Log in to your Okta portal as an administrator and go to the Applications section from the left pane. Then click on the Create App Integration button:

okta step 1

In this menu:

  • Select OIDC - OpenID Connect as Sign-in method

  • Select Web Application as Application type

and click on Next.

On the General Settings section, add the following settings:

  • Enter DefensX Connector as the App integration name

  • Select Authorization Code as the Grant type (it is the default option)

  • Enter https://cloud.defensx.com/okta/callback as the Sign-in redirect URIs

  • Remove the Sign-out redirect URIs

You can skip the Trusted Origin section, it is not needed.

On the Assignments section:

  • Select Allow everyone as Controlled access or select other options if you want to limit who can use the DefensX Connector

  • Select Enable immediate access with Federation Broker Mode, otherwise you need to assign application to users manually

and click on the Save button.

Update the Okta integration settings in DefensX Backend

On this step, log in to the DefensX Backend and go to SettingsOkta integration. On this page:

  • Enter your Okta domain name into the Okta Domain Name field. If you don’t know the domain, you can find it in the global header located in the upper-right corner of the Okta Admin Dashboard

  • Enter the corresponding Client ID and Client secret value from the Okta admin backend and click on the Save button.

Testing

In order to use Okta in DefensX backend admin login process, a user record with the same email should exist in the DefensX with admin rights. You can create admin users in DefensX without setting a password and enabling the Is Customer Admin flag.

To log in to the DefensX through Okta, when prompted click on the Okta sign-in first and enter your email address. After that, you’ll be redirected to Okta sign-in screen.

Note
 Okta doesn’t provide a common authentication endpoint for multi-tenant apps like AzureAD or Google. For this reason, users will need to enter their email addresses while logging into the backend.
Secure Industries, Inc 101 Avenue of The Americas, Floor 9 New York, NY 10013