In this document, we will see how to configure SAML-based SSO for Zilla Security using Okta as the IdP (Identity Provider).
Prerequisite
You must have an admin account with Zilla Security
SSO should not already be configured; if it is, the existing SSO configuration must be deleted using admin settings
Okta account with admin privileges
Let us start.
Log in to Zilla Security using an admin account and visit the configure SSO page, which shall look like the following. Check the SAML box and click Configure.
A dialog like the following shall open.
It has all the fields necessary for configuration. Keep this SAML config dialog open, open a new tab, and sign in to your organization's Okta account with admin privileges.
On the Okta dashboard, switch to Classic UI if you’re on Developer UI (if you're not an admin, you will not see these options).
Choose Applications → Applications tab
Click the Add Application button in the applications view.
The add application form provides a search box and a Create New App button. Select Create New App.
A pop-up will appear. Select Web as the platform, if not already selected, and SAML 2.0 as the sign-on method. Click Create.
Fill in the General settings by providing Zilla Security as the App name and uploading the App logo from our image assets. Click Next.
You shall see the SAML Settings page next.
On the SAML Settings page, under the GENERAL section, copy the contents of Zilla ACS URL from the Zilla SAML config dialog and paste them into the Single sign-on URL field of the Okta SAML Settings form.
In the Audience URI (SP Entity ID) field of the Okta SAML Settings form, paste the contents of Zilla Entity ID (SP Entity ID) from the Zilla Security SAML config dialog.
E.g., an account for example.com will have this URL as https://localhost:3000/account/example.com.
Note: These URLs will change per environment, e.g. for dev the Single sign-on URL would be https://dev.zsec.io/api/auth/sso/saml and the Audience URI (SP Entity ID) would be https://dev.zsec.io/account/example.com
After filling in the above information, you shall see output as follows.
Zilla maps Okta users by their email, hence we will need to set up the email attribute. In the ATTRIBUTE STATEMENTS (OPTIONAL) section, add the following custom profile parameters:
Name as email & select user.email as value.
Name as firstName & select user.firstName as value.
Name as lastName & select user.lastName as value.
Keep the other options at their defaults and hit the Next button at the bottom of the SAML Settings page.
On the final feedback page, answer the question Are you a customer or partner? by choosing the option I'm an Okta customer adding an internal app, and click Finish.
After finishing, you will see the application. In its sign-on section you shall see the message SAML 2.0 is not configured until you complete the setup instructions. Click the View Setup Instruction button there.
The setup instruction page may look like the following.
Copy Identity Provider Single Sign-On URL from the Okta setup page and paste it into the IDP SSO (Single sign-on) URL field of the Zilla Security SAML config dialog.
Copy Identity Provider Issuer from the Okta setup page and paste it into the IDP Entity ID (Issuer) field of the Zilla Security SAML config dialog.
Finally, copy X.509 Certificate from the Okta setup page and paste it into the IDP X.509 Certificate field of the Zilla Security SAML config dialog.
After filling out everything, the SAML config dialog shall look like the following.
Now, before we proceed to validate, we need to do one final thing on Okta: assign users to this newly added app. Navigate back to the app instance and click Assign → Assign to Group.
We will assign the app to the group Everyone. Click the Assign button and then click Done.
We are done with the Okta IdP dashboard setup for enabling SSO to the Zilla service. Now click on the Validate button.
When you click Validate in the Zilla Security SAML config dialog, the user will be redirected to OneLogin, and on successful authentication SAML SSO will be successful. Click Next to finish the setup.
Any user of your organization who is on Okta and has access to the Zilla Security SAML application on Okta will be allowed to log in.
When you have finished with all the steps above, review the information in Zilla that was synced.
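If validation fails, a decoded SAML response can be compared with the values entered in the Okta form. The script below is an added example, not Zilla or Okta code: it checks the Destination, the Audience and the three attribute statements against the dev values from this guide. The sample response, its issuer and its user are constructed, and it assumes Okta's default of using the Single sign-on URL as the Destination.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Dev values quoted in this guide; replace them with the ones from your Zilla dialog.
EXPECTED_ACS = "https://dev.zsec.io/api/auth/sso/saml"
EXPECTED_AUDIENCE = "https://dev.zsec.io/account/example.com"
REQUIRED_ATTRS = ("email", "firstName", "lastName")

# Constructed, unsigned sample; lastName is left out on purpose to show a finding.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{EXPECTED_ACS}">
 <saml:Issuer>http://idp.example/issuer</saml:Issuer>
 <saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, acs=EXPECTED_ACS, audience=EXPECTED_AUDIENCE):
    """Return a list of configuration problems; an empty list means the form values match."""
    # Only the mapping is checked here. The XML signature is not verified.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} does not match the Single sign-on URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience {audiences} does not contain the SP Entity ID")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE) or "no problems found")
```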
Having trouble? Try our Troubleshooting articles or contact support@zillasecurity.com.