Okta

How to Configure SAML 2.0 for IntSights


Supported Features

The Okta/IntSights SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Log in to the IntSights platform as an administrator.

  2. Go to Settings > Authentication > SAML single sign on.

  3. Enter the following:

    • Check SAML single sign on.

    • Provider name: Select okta.

    • Certificate: Save the following certificate as okta.cert, then upload it to IntSights:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Check Enable SP-initiated login.

    • IDP URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Issuer ID: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • OPTIONAL: Enable JIT User Provisioning to enable JIT and click Copy Account ID (this is your intsightsAccountId value that will be used in step 4 below).

    • Click Save changes.



  4. Note: The following steps are only required if you wish to enable JIT Provisioning.


  5. In Okta, select the Sign On tab for the IntSights SAML app, then click Edit.

  6. SAML attributes (Optional): By default, Okta supports the email, firstName, and lastName SAML attributes, which are required for SAML authentication. If you are going to support JIT, you need to configure the following additional attributes and their values (mappings) under the Attributes (Optional) section of SAML.

    Name                 Value
    intsightsAccountId   Enter the intsightsAccountId value you copied in step 3
    intsightsRole        appuser.intsightsRole

  7. Click Save.

  8. Now you have to add the attributes you added above to an IntSights user profile. Still in Okta, go to Directory > Profile Editor, search for your IntSights app, then select it.

    • Click Add Attribute.

    • Add the following attributes:

      Display Name    Variable Name
      intsightsRole   intsightsRole

    • Click the checkbox for Enum and then enter the following values:

      Display Name    Value
      Admin           Admin
      Analyst         Analyst

    • Click Save.

  9. In Okta, select the IntSights app under Applications > Applications, then select the Assignments tab.

    • When assigning IntSights to a user, you'll see the following drop-down options which are required for all users when JIT provisioning is enabled:

      • Admin
      • Analyst

  10. Done!
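
One way to check the result of steps 6 to 9 before rolling JIT out, as an added example that is not part of the Okta or IntSights documentation: it reads an assertion captured from a test login and reports missing or unexpected JIT attributes. It assumes the attribute Name values in the assertion match the names configured above; the sample assertion and ACCOUNT-ID-PLACEHOLDER are constructed, and no signature validation is performed (that remains the service provider's job).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE_ATTRS = ("email", "firstName", "lastName")        # sent by default
JIT_ATTRS = ("intsightsAccountId", "intsightsRole")    # added for JIT in step 6
ALLOWED_ROLES = {"Admin", "Analyst"}                   # Enum values from step 8


def check_jit_attributes(assertion_xml, expected_account_id):
    """Return a list of problems in the assertion's attributes (empty = OK)."""
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return ["DTD or entity declarations do not belong in a SAML assertion"]
    attrs = {}
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    problems = []
    for name in BASE_ATTRS + JIT_ATTRS:
        values = attrs.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: expected one non-empty value, got {values}")
        elif name == "intsightsRole" and values[0] not in ALLOWED_ROLES:
            problems.append(f"{name}: {values[0]!r} is not Admin or Analyst")
        elif name == "intsightsAccountId" and values[0] != expected_account_id:
            problems.append(f"{name}: does not match the copied Account ID")
    return problems


def sample_assertion(role, account="ACCOUNT-ID-PLACEHOLDER"):
    """Build a constructed, unsigned assertion fragment for the demo."""
    fields = {"email": "user@example.com", "firstName": "Test", "lastName": "User",
              "intsightsAccountId": account, "intsightsRole": role}
    body = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for k, v in fields.items() if v is not None)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")


if __name__ == "__main__":
    for role in ("Analyst", "Owner", None):
        print(role, check_jit_attributes(sample_assertion(role), "ACCOUNT-ID-PLACEHOLDER"))
```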


Notes


SP-initiated SSO

  1. Go to your IntSights login URL.

  2. Click Log In with SSO.

  3. Enter your login email address.

  4. Click Log In with SSO.