Okta Integration

Configuring Okta Integration

Configuring Okta integration with DefensX requires two basic steps:

  • Create an OIDC - OpenID Connect application on Okta

  • Update the Okta integration settings in DefensX Backend

Creating OIDC - OpenID Connect Application on Okta

Log in to your Okta portal as an administrator and go to the Applications section from the left pane. Then click on the Create App Integration button:


In this menu:

  • Select OIDC - OpenID Connect as the Sign-in method

  • Select Web Application as the Application type

and click on Next.

On the General Settings section, add the following settings:

  • Enter DefensX Connector as the App integration name

  • Select Authorization Code as the Grant type (it is the default option)

  • Enter https://cloud.defensx.com/okta/callback as the Sign-in redirect URIs

  • Remove the Sign-out redirect URIs

You can skip the Trusted Origin section; it is not needed.

On the Assignments section:

  • Select Allow everyone as Controlled access or select other options if you want to limit who can use the DefensX Connector

  • Select Enable immediate access with Federation Broker Mode; otherwise you need to assign the application to users manually

and click on the Save button.
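
To confirm the application was saved with the settings listed above, the following added example (not part of the DefensX or Okta documentation) audits an app definition and reports any drift. It assumes the JSON shape returned by Okta's Apps API (`signOnMode`, `settings.oauthClient`); the two sample app objects are constructed for illustration.

```python
# Added example: audit an Okta OIDC app definition against this guide's settings.
# Assumption: `app` has the shape of an app object from Okta's Apps API.
EXPECTED_REDIRECT = "https://cloud.defensx.com/okta/callback"

def audit_okta_app(app):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC - OpenID Connect")
    oauth = app.get("settings", {}).get("oauthClient", {})
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")
    grants = set(oauth.get("grant_types", []))
    if "authorization_code" not in grants:
        findings.append("Authorization Code grant is not enabled")
    extra = grants - {"authorization_code"}
    if extra:
        findings.append(f"grant types beyond Authorization Code: {sorted(extra)}")
    redirects = oauth.get("redirect_uris", [])
    if EXPECTED_REDIRECT not in redirects:
        findings.append("DefensX callback missing from sign-in redirect URIs")
    for uri in redirects:
        if uri != EXPECTED_REDIRECT:  # exact match only; any other URI is drift
            findings.append(f"unexpected sign-in redirect URI: {uri}")
    if oauth.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URIs should be removed")
    return findings

# Constructed sample: app configured exactly as described in this guide.
GOOD_APP = {"label": "DefensX Connector", "signOnMode": "OPENID_CONNECT",
            "settings": {"oauthClient": {
                "application_type": "web",
                "grant_types": ["authorization_code"],
                "redirect_uris": [EXPECTED_REDIRECT],
                "post_logout_redirect_uris": []}}}

# Constructed sample: same app after extra grants and URIs were added.
DRIFTED_APP = {"label": "DefensX Connector", "signOnMode": "OPENID_CONNECT",
               "settings": {"oauthClient": {
                   "application_type": "web",
                   "grant_types": ["authorization_code", "implicit"],
                   "redirect_uris": [EXPECTED_REDIRECT, "http://localhost:8080/callback"],
                   "post_logout_redirect_uris": ["http://localhost:8080"]}}}

if __name__ == "__main__":
    for name, app in (("good", GOOD_APP), ("drifted", DRIFTED_APP)):
        print(name, audit_okta_app(app) or "matches the guide")
```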

Update the Okta integration settings in DefensX Backend

In this step, log in to the DefensX Backend and go to Settings > Okta integration. On this page:

  • Enter your Okta domain name into the Okta Domain Name field. If you don’t know the domain, you can find it in the global header located in the upper-right corner of the Okta Admin Dashboard

  • Enter the corresponding Client ID and Client secret values from the Okta admin backend and click on the Save button.

Testing

To use Okta in the DefensX backend admin login process, a user record with the same email address must exist in DefensX with admin rights. You can create admin users in DefensX without setting a password, by enabling the Is Customer Admin flag.

To log in to DefensX through Okta, click on the Okta sign-in option when prompted and enter your email address. After that, you'll be redirected to the Okta sign-in screen.

Note
Unlike AzureAD or Google, Okta doesn’t provide a common authentication endpoint for multi-tenant apps. For this reason, users need to enter their email addresses when logging in to the backend.