Okta

How to Configure SAML 2.0 for SendSafely


Supported Features

The Okta/SendSafely SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Sign in to your SendSafely web portal.

  2. Go to Account Menu > Enterprise Console.

  3. Scroll down to the Authentication Providers section, set Enable SAML Single Sign-On to ON, then enter the following:

    • Public Key Certificate (PEM Encoded): Copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • Sign-in URL: Copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • Sign-out URL: Copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • Click Save Changes.

  4. In Okta, select the Sign On tab for the SendSafely app, then click Edit.

    • Default Relay State: Enter the following: [your-hostname]/auth/saml2/.

      For example, if you log in to https://acme.sendsafely.com/secure/, your Default Relay State is https://acme.sendsafely.com/auth/saml2/

    • Click Save.

  5. Once saved, you will see a Login using Single Sign-on button on the portal login page.

  6. Test the SSO login flow and confirm that you are able to authenticate successfully both from the SendSafely login page, and from the Identity Provider. Once SSO is verified to be working, you can enforce SAML SSO login by submitting a request to support@sendsafely.com to disable all other login mechanisms. For security and identity verification purposes, the request must be made by your organization’s SendSafely administrator and submitted as a SendSafely secure package from the administrator’s SendSafely account. (Administrators should log in to their SendSafely account, click the Send link, type a secure message with the request for disabling other login providers, and add support@sendsafely.com as a recipient.)

    Important: Once you disable all other login mechanisms, your users will not be able to sign in through their regular login page. They will only be able to access the app through the Okta service. SendSafely does not provide a backup login URL where users can sign in using their normal username and password. You can contact SendSafely support to turn off SAML, if necessary.

  7. Done!


Notes

Make sure that you entered the correct value in the Hostname field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to SendSafely.
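
The values from steps 3 and 4 can be checked for consistency before you save them. The following Python code is an added example, not part of the Okta or SendSafely documentation: it derives the Default Relay State from the portal URL as step 4 describes, checks that the sign-in and sign-out URLs use HTTPS, and confirms that the pasted certificate is a single well-formed PEM block. The function names, the idp.example.com URL and the sample PEM are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def default_relay_state(portal_login_url):
    """Return [your-hostname]/auth/saml2/ for the portal URL you log in to."""
    parts = urlsplit(portal_login_url)
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        raise ValueError("expected an https:// portal URL without credentials")
    return f"https://{parts.netloc.lower()}/auth/saml2/"

def pem_sha256_fingerprint(pem_text):
    """Decode a single PEM certificate block and return its SHA-256 fingerprint."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("paste exactly one CERTIFICATE block")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

def check_settings(portal_login_url, relay_state, sign_in_url, sign_out_url, pem):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    expected = default_relay_state(portal_login_url)
    if relay_state != expected:
        problems.append(f"Default Relay State should be {expected}")
    for label, url in (("Sign-in URL", sign_in_url), ("Sign-out URL", sign_out_url)):
        if urlsplit(url).scheme != "https":
            problems.append(f"{label} is not an https:// URL")
    try:
        pem_sha256_fingerprint(pem)
    except ValueError as exc:
        problems.append(f"Public Key Certificate: {exc}")
    return problems

# Constructed sample values (not real Okta output); the PEM body is a 5-byte
# DER stand-in, not an actual certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
SAMPLE_IDP = "https://idp.example.com/app/sendsafely/sso/saml"

if __name__ == "__main__":
    print(check_settings("https://acme.sendsafely.com/secure/",
                         "https://acme.sendsafely.com/auth/saml2",  # no trailing slash
                         SAMPLE_IDP, SAMPLE_IDP, SAMPLE_PEM))
```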


SP-initiated SSO

Option 1

Where only SAML login is enabled: Open your SendSafely login page URL.


Option 2

  1. Open your SendSafely login page.

  2. Click Login using Single Sign-on.