Okta SSO Setup
This article outlines how to set up SSO with Okta.
Written by Rachel Yonan
Updated over a week ago

Okta Overview

Okta is an enterprise identity management and single sign-on service that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on partnership between Okta as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Security Journey as the Service Provider (SP). All SSO communication takes place over TLS/SSL.

Prerequisites

In order to set up SSO on Security Journey with Okta, you will need:

Security Journey

  • An account with Admin privileges

Okta

  • Okta, version 2016.07 or later

  • A user with Application Admin privileges

Supported Features

The Okta + Security Journey (formerly HackEDU) SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

1. Log in to Okta with your Admin account and navigate to Applications

2. Click "Browse App Catalog"

3. Search for "Security Journey" and click "Add Integration"

4. After adding the application, you can update the application label (if desired). You will also want to check the box under Application Visibility > Do not display application icon to users. Then click Next.

Our site doesn't support the IdP-initiated login flow, but you can simulate it by following the instructions below.

5. From here, you will see your Sign-On Options. The default will be SAML 2.0. You will need to locate your Okta Metadata URL to copy and upload to Security Journey.


SP-initiated SSO

Once configured, your learners can log in here: https://my.securityjourney.com/

Simulating an IdP-initiated sign-in flow

Security Journey only supports SP-initiated sign-in. However, you can simulate IdP-initiated login by using the "Bookmark only" sign-on setting within the catalog app.

To set up, please follow the steps below:

  1. Follow configuration steps 1-4, except leave the Application Visibility > Do not display application icon to users unchecked. Then click Next.

  2. Under the Sign-on Method Settings click "edit"

  3. Choose "Bookmark-only"

  4. Enter your company's domain

  5. Click Save

Troubleshoot

If you are seeing the following error, you are probably trying to log in from the Okta Dashboard (IdP-initiated sign-on flow) without setting up an Okta Bookmark App:

Invalid samlResponse or relayState from identity provider
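To confirm which flow produced a captured SAMLResponse form value, the following added diagnostic (not Security Journey or Okta code) checks for the InResponseTo attribute, which SAML 2.0 sets on SP-initiated responses and omits on unsolicited, IdP-initiated ones. The sample responses and the sp.example.test ACS URL are constructed, and how Security Journey itself arrives at the error above is not documented here.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def classify_saml_response(b64_response: str) -> dict:
    """Decode an HTTP-POST binding SAMLResponse and report which flow produced it.

    Diagnostic only: no signature or schema validation is done, and the stdlib
    parser is not hardened, so run it only on responses captured from your own IdP.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response element")
    # SP-initiated: the Response echoes the ID of the SP's AuthnRequest.
    # IdP-initiated (unsolicited): InResponseTo is absent.
    irt = root.get("InResponseTo")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if irt is None and scd is not None:
        irt = scd.get("InResponseTo")
    return {
        "flow": "sp-initiated" if irt else "idp-initiated",
        "in_response_to": irt,
        "destination": root.get("Destination"),
    }


def make_sample(in_response_to=None) -> str:
    """Build a constructed, unsigned response for demonstration."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_r1" Version="2.0" Destination="https://sp.example.test/acs"{irt}>'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"{irt}/>'
        "</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(classify_saml_response(make_sample("_req123")))  # started at the SP
    print(classify_saml_response(make_sample()))           # started from the IdP dashboard
```

If the result is "idp-initiated", the sign-in started from the Okta Dashboard and the Bookmark App setup above applies.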
