Enable SSO with Okta
To enable single sign-on (SSO) with SAML for Umbrella, you must first add the Okta application for Umbrella to your organization, then follow the step-by-step wizard to complete the process in Umbrella.
Prerequisites
- Full admin access to the Umbrella dashboard. See Manage User Roles.
- Follow the procedure to download the Okta XML metadata file.
Procedure
Download the Okta XML metadata file:
a. To configure Okta for Umbrella to gather the metadata, log in to your Okta dashboard, and then go to the Admin tab. You must log in to Okta dashboard with the same account that you are using in the Umbrella dashboard.
b. Click Applications and then click Add Application. Search for “Cisco Umbrella” and click Add.
c. Assign an easily identifiable label for the application; keep defaults as is for General Settings, and then click Next.
d. Under Sign-On Methods, select SAML 2.0. You can disable force authentication here. Click the Identity Provider metadata and save the downloaded metadata file.
e. Return to the Sign-On Options and from the Application Username Format drop-down list, choose Email and then click Next.
f. Assign the application to one or more users. All accounts that need to access the dashboard now or in the future should be selected here and have the application assigned to them or they will not be able to log in.
Ensure the proper user attributes have been enabled for each account, specifically the username (email). The email must match exactly the email that is used to log in to Umbrella.
- Navigate to Admin > Authentication.
- In the SAML Dashboard User Configuration section, click Enable SAML.
- Click the Okta radio button, and then click Next.
- Click the XML File Upload radio button. Upload the metadata file that you downloaded from Okta, and then click Next.
- Click Test Configuration and enter the Umbrella email for your current logged in user that was added to the Okta application. After the test completes, a success message should be displayed. All authentication to the Umbrella dashboard for all users in your organization is now handled by Okta.
Enable SSO with PingID < Enable SSO with Okta > Enable SSO with OneLogin
Updated over 1 year ago