The Okta/Forter SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Sign in to your Forter account.
Navigate to Account > Settings > Single sign-on and follow the steps below:
Metadata IDP link: Copy and paste the following:
Sign into the Okta Admin dashboard to generate this value.
Note your Single Sign On URL and Audience Restriction values.
Enter your company Allowed mail domains, then click + (plus) to add.
OPTIONAL GROUPS: If you want to pass Okta groups as part of the SAML response:
Check Enable security groups mapping box.
Map your Okta groups to Forter's user roles: Enter the corresponding Okta group for each Forter's user role.
Note: In our example we have used ForterUser, ForterFinancial, ForterTech, and ForterSupport Okta group values.
Click Save Configuration:
In Okta, select the Sign On tab for the Forter app, then click Edit.
OPTIONAL GROUPS: Select your preferred group filter from the userGroups dropdown list (the Starts with rule with the value Forter in order to send a groups which start with the Forter value we used in our example) for the attribute.
Scroll down to the ADVANCED SIGN-ON SETTINGS section.
Enter the Single Sign On URL and Audience Restriction values you made a copy of in step 2 into the corresponding fields.
Click Save:
The following SAML attributes are supported.
Okta sends the following default attributes as part of the SAML assertion:
| Name | Value |
|---|---|
| firstName | user.firstName |
| lastName | user.lastName |
| user.email | |
| userGroups | This is configured in the app UI; see userGroups attribute instructions above. |
| userType | appuser.userType (see userType attribute instructions below) |
The userGroups or userType attribute is required. Forter prevents the user from connecting until he is configured with a correct security group (userGroups) or a userType attribute.
userGroups has higher priority over userType.
Forter does not support multiple user groups. Users that will have multiple Forter groups in Okta will get wrong configuration message – Login failed. please contact your identity provider admin.
Here is an example describing how to add and use the userType attribute:
In Okta, navigate to Directory > Profile Editor.
Search for the Forter app, then click on Profile:
Click Add Attribute, then enter the following:
Display Name: Enter User Type attribute name.
Variable Name: userType.
Important: You must use the following variable name for the userType attribute: userType.
Click Save.
Note: Scope (optional): If you check User personal, it means that the current attribute will be available once you assign the user to the Forter application and will not be available once you assign the group to the app.
Click Map Attributes:
Select the Okta to Forter tab.
Start typing the required attribute from the Okta Base User profile (or use the drop down list) and select the attributes you want to map.
In our example, we have selected the userType attribute, then use the green arrows (Apply mapping on user create and update).
Click Save Mappings:
Click Apply updates now:
Okta will now pass the userType attribute with the value of the userType field from the Okta Base User Profile.
NOTE:
The userType attribute supports the following values:
financial
user
support
tech
Open the following URL: https://portal.forter.com/login/sso.
Enter your company domain value.
Click SIGN IN USING YOUR IDENTITY PROVIDER:
