How to Configure SAML 2.0 for ThreatStream Saas

1. Contact your account executive and request that they enable SAML 2.0 for your account.

2. Attach the following information to your request:

   • Okta Application ID: Copy the following value:

     Sign into the Okta Admin dashboard to generate this value.

     Then provide the token value that starts after http://www.okta.com/.

     For example, the value in red here: http://www.okta.com/exk1c05jb6uS4hyJe1d8 .

   • Organization subdomain: Your Okta subdomain. Copy the following value:

     Sign into the Okta Admin dashboard to generate this value.

     Then provide the subdomain value before okta.com.

     For example, the value in red here: https://YourOktaSubdomain.okta.com.

   • Certificate in text format: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

3. The ThreatStream team will process your request. After receiving a confirmation email, you can start assigning people to the application.

4. In Okta, select the General tab for the ThreatStream Saas app, then click Edit.

   • Enter your Okta subdomain into the Company subdomain field.

   • Click Save.

   

5. Done!

Notes:

• The following attribute is supported:

  • user.email

• SP-initiated flows and IDP-initiated flows are supported.

• Just in Time (JIT) provisioning is not supported.

For SP-initiated Flows

Go to: https://optic.threatstream.com/api/v1/saml2/okta/sso/?app_id=[okta-application-ID]&subdomain=[your-okta-subdomain].