¶ Okta SCIM/SAML Integration
Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.
From single sign-on to enhanced user provisioning Okta’s Exium integration handles users and groups seamless access to Exium. Administrators can easily attach Exium security policy groups to Okta user groups. Unique features of this integration are
- Simple steps to integrate Okta API with Exium
- Push New Users from Okta to Exium
- Push User Profile Updates from Okta to Exium
- Push User Groups from Okta to Exium
- Push User Deactivation from Okta to Exium
- Reactivate Users from Okta to Exium
- Single sign-on from Okta to sign-on to Exium
This note explains how to configure Okta Exium application settings and Exium Workspace settings so that Okta Users and User groups can be synced with Exium workspace in real time and SSO from Okta can be used to sign-on to Exium Service.
Following steps elaborate Okta SCIM API Integration with Exium
¶ 1. Add Exium app on Okta
In Okta, you can add Exium application in your Okta account by browsing app catalog and search for Exium app. Click on Applications on left navigation bar. On Applications page, Click on Browse App Catalog button as shown below.
As a next step, search for Exium in search bar of Browse App Integration Catalog. It’ll show Exium app with logo. Click on Exium app with Logo as shown below.
As a next step, Click on Add Integration as shown below.
By default, application label is shown as Exium. If you wish to change the app name, change the Application label field as shown below. Click on Done.
¶ 2. Select Okta as Sign-in Option and Update SAML URL on Exium
For Okta SSO Integration, Okta has to be selected as Sign-in option under Exium service. To do that, SAML 2.0 IDP Metadata URL is required. SAML 2.0 IDP Metadata URL has to be copied from Okta Exium app and same has to be pasted in Exium. Following steps elaborate on this.
¶ 2.1 Copy SAML URL on Okta
Click on Sign On tab under newly created Exium app. Click on View SAML Setup Instructions as shown below.
Copy SAML 2.0 IDP Metadata URL under Configuration Steps section as shown below.
¶ 2.2 Select Okta as Sign-in Option on Exium
To change Okta as Sign-in option, follow below steps.
- Navigate to the MSP admin console → Companies
- Click on Integrations → SCIM/SAML SSO
- Select Okta as Sign-In Type
- Paste SAML 2.0 IDP Metadata URL (which was copied in previous section) in IDP Metadata URL field as shown below. Click on Save.
¶ 3. Sign-On Settings on Okta
As a next step, Sign-On settings under Okta has to be updated so that two way communication is up for SAML between Okta and Exium. To do this, Workspace ID has to be copied from Exium service and has to be pasted in Okta Exium app.
¶ 3.1 Copy Workspace ID on Exium
Click on Profile tab under Settings page on Exium. Click on copy next to Workspace ID as shown below. It’ll copy Workspace ID to clipboard.
¶ 3.2 Update Sign-On Settings on Okta
Click on Sign On tab under Exium app on Okta. Click on Edit under Settings section. Paste Workspace ID (copied in previous section) under Advanced Sign-on Settings section. Under Credentials Details section, Select Email as Application username format from dropdown as shown below. Click on Save.
¶ 4. Provisioning Settings on Okta
For Okta SCIM Integration, SCIM Bearer Token has to be copied from Exium service and same has to be copied in Okta Exium app. Following steps elaborate on this.
¶ 4.1 Copy SCIM Bearer Token on Exium
Click on copy next to SCIM 2.0 Bearer Token under SCIM/SAML SSO page on Exium as shown below. It’ll copy SCIM 2.0 Bearer Token to clipboard.
¶ 4.2 Update SCIM Bearer Token on Okta
Click on Provisioning tab under Exium app on Okta. Click on Configure API Integration as shown below.
Click on Enable API Integration. Paste the SAML 2.0 Bearer Token (which was copied in section 4.1) under API Token as shown below. Click on Test API Credentials. If token is correctly pasted from Exium to Okta, it gives a message as Exium was verified successfully as shown below. If this message is not shown, copy the token again from Exium (section 4.1) and paste again. Finally, click on Save.
As a next step, click on Enable for different sections as shown below and Click on Save.
¶ 5. Assigning User Groups on Okta
As a next step, you can assign users to Exium app on Okta. This can be done whenever you wish to add more users to Exium app. Click on Assignments section under Exium app and Click on Assign and Select on Assign to Groups as shown below.
On Assign Exium to Groups pop over, You can choose and assign groups by clicking on Assign as shown below. After everything is done, Click on Done.
You can enter some details related to required fields as shown below, Click on Save and Go Back
After groups are assigned, you need to push groups to Exium app. Click on Push Groups tab. Under Push Groups to Exium, select Find groups by name.
Search for the group name and select the Group as shown below and Click on Save.
¶ 6. Assigning Users on Okta
As a next step, you can assign users to Exium app on Okta. This can be done whenever you wish to add more users to Exium app. Click on Assignments section under Exium app and Click on Assign and Select on Assign to People as shown below.
On Assign Exium to People pop over, You can choose and assign users by clicking on Assign as shown below. After everything is done, Click on Done.
You can make the changes on User name (if you want to), Click on Save and Go Back
¶ 7. Check Users and Groups on Exium
All the users and groups assigned to Exium app on Okta are synced through SCIM to Exium service. On Exium Admin Console, Click on Users box. Under Users page, you will see all the assigned users (with associated groups) are synced from Okta to Exium.
On Exium Admin Console, Click on Users box. Under User Groups page, you will see all the assigned groups are synced from Okta to Exium.
¶ 8. Verify SSO on Admin Console
If you are part of admin group, you can access admin console through Okta. you can enter your workspace name on service portal by entering the workspace name. Browser opens one more tab for Okta authentication. (Note: Some browsers block popups. You need to allow the popup to allow one more tab to be opened to take Okta authentication). Exium sign-in page redirects to Okta SSO authentication. On Successful Okta SSO authentication, User gets logged in to Exium.
If you have any issue during integration, contact us at support@exium.net or raise a ticket on https://exium.net/help-center/
If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net