Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: SAML SSO 2.0 for Okta
Environment: Okta, Huntress.io
Summary: Configure Single sign-on SAML 2.0 for Okta
Supported Features
The Okta/Huntress SAML integration currently supports the following features:
- SP-initiated SSO
- IdP-initiated SSO
For more information on the listed features, visit the Okta Glossary.
Configuration Steps
1. In Okta, select the Sign On tab for the Huntress app. Under SAML 2.0 Sign on method, go to Metadata details > More details. This shows the Identity Provider Single Sign-On URL, the Identity Provider Issuer, and the Certificate, all of which you will need to configure the SAML SSO app in the Huntress portal.
2. Sign in to your portal at huntress.io.
3. Go to Settings and click Setup SAML SSO.
4. Enter the Identity Provider Single Sign-On URL from the Okta Huntress App in the SSO Service URL field.
5. Enter the Identity Provider Issuer from the Okta Huntress App in the Entity ID (URL) field.
6. Paste the whole X.509 Certificate from the Okta Huntress App into the Certificate field.
7. Hit Save.
Notes
- The following SAML attributes are supported and need to exist in order for user authentication to function:
Name | Value |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress / urn:oasis:names:tc:SAML:2.0:attrname-format:uri | user.email |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname / urn:oasis:names:tc:SAML:2.0:attrname-format:uri | user.firstName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname / urn:oasis:names:tc:SAML:2.0:attrname-format:uri | user.lastName |
- The Okta Huntress App does not currently support Just-in-Time (JIT) provisioning. This means that each user must also be added in the Huntress portal before they can log in via SSO.
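Added example, not Huntress or Okta code: a Python check that a decoded SAML response from your own Okta tenant carries the three attributes in the table above with the listed name format. The function names and the sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("emailaddress", "givenname", "surname")]


def check_attributes(xml_text):
    """Return attribute problems (empty list = OK). Signature is NOT verified."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations do not belong in SAML")
    root = ET.fromstring(xml_text)
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        seen[attr.get("Name")] = (attr.get("NameFormat"), values)
    problems = []
    for name in REQUIRED:
        if name not in seen:
            problems.append(f"missing attribute: {name}")
            continue
        name_format, values = seen[name]
        if name_format != URI_FORMAT:
            problems.append(f"NameFormat differs from the table: {name}")
        if not any(values):  # e.g. the Okta profile field is blank
            problems.append(f"empty value: {name}")
    return problems


def sample_assertion(attrs):
    """Build a constructed test assertion (not a real Okta response)."""
    body = "".join(
        f'<saml:Attribute Name="{name}" NameFormat="{fmt}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, fmt, value in attrs)
    return ('<saml:Assertion xmlns:saml="' + NS["saml"] + '"><saml:AttributeStatement>'
            + body + "</saml:AttributeStatement></saml:Assertion>")


GOOD = sample_assertion([(n, URI_FORMAT, v) for n, v in
                         zip(REQUIRED, ("jane.doe@example.com", "Jane", "Doe"))])
# Constructed failure case: surname absent, email sent with the basic format.
BAD = sample_assertion([
    (REQUIRED[0], "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "j@example.com"),
    (REQUIRED[1], URI_FORMAT, "Jane")])

if __name__ == "__main__":
    print(check_attributes(GOOD), check_attributes(BAD), sep="\n")
```

This only inspects attribute names, formats and values to help troubleshoot a failed login; it is not a substitute for the signature validation the service provider performs.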
SP-initiated SSO
1. Go to huntress.io
2. Click Login with SSO
3. Enter the email address that’s set up in Okta and Huntress
4. Click Login Now