Okta Overview
Okta is an enterprise identity management and single sign-on service that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on partnership between Okta as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Security Journey as the Service Provider (SP). All SSO communication takes place over TLS/SSL.
Prerequisites
In order to set up SSO on Security Journey with Okta, you will need:
Security Journey
An account with Admin privileges
Okta
Okta, version 2016.07 or later
A user with Application Admin privileges
Supported Features
The Okta + Security Journey (formerly HackEDU) SAML integration currently supports the following features:
SP-initiated SSO
JIT (Just In Time) Provisioning
For more information on the listed features, visit the Okta Glossary.
Configuration Steps
1. Login to Okta with your Admin account, navigate to Applications
2. Click "Browse App Catalog"
3. Search for "Security Journey" and click "Add Integration"
4. After adding the application, you can update the application label (if desired). You will also want to check the box under Application Visibility > Do not display application icon to users. Then click Next.
Our site doesn't support IdP-initiated login flow but you can simulate this by following the instructions below.
5. From here, you will see your Sign-On Options. The default will be SAML 2.0. You will need to locate your Okta Metadata URL to copy and upload to Security Journey.
SP-initiated SSO
Once configured, your learners can login here: https://my.securityjourney.com/
Simulating an IdP-initiated sign-in flow
Security Journey only supports SP-initiated sign-in. However, you can simulate IdP-initiated login by using the "Bookmark only" sign on setting within the catalog app.
To set up, please follow the steps below:
Follow configuration steps 1-4, except leave the Application Visibility > Do not display application icon to users unchecked. Then click Next.
Under the Sign-on Method Settings click "edit"
Choose "Bookmark-only"
Enter your company's domain
Click Save
Troubleshoot
If you are seeing the following error, you are probably trying to login from the Okta Dashboard (IdP-initiated sign-on flow) without setting up an Okta Bookmark App:
Invalid samlResponse or relayState from identity provider