How to Configure SAML 2.0 for Symantec Endpoint Protection Cloud


Before you Begin

Read this before you enable SAML

The validity period for SAML certificates for the Symantec Endpoint Protection Cloud application is limited to 10 years. You need to be sure you are using a valid certificate for this application.

To check/update the certificate, follow the instructions below:

  1. Download the following certificate (your current certificate) and save it as okta.cert.

    Sign in to the Okta Admin app to generate this variable.

  2. Run the following OpenSSL command in a terminal:

    openssl x509 -in okta.cert -text –noout


    okta.cert is your certificate file from the previous step.

  3. Check the validity period, as show in the example below:


  4. If your certificate validity period = 10 years, continue with your application configuration, as described in SAML 2.0 Configuration, below.

  5. If your certificate validity period = 30 years, follow these steps:

Supported Features

The Okta/Symantec Endpoint Protection Cloud SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Log in to Symantec Endpoint Protection Cloud as an administrator.

  2. Navigate to Settings > Identity Provider, then enter the following:

    • Identity Provider: Select Okta from the Choose Provider drop down menu.

    • RelayState: Make a copy of this value.

    • Signature Certificate: Click Download, then save the certificate.


  3. In Okta, select the Sign On for the Symantec app, click Edit, then enter the following:

    • Default Relay State: Enter the RelayState value you made a copy of in step 2 into this field.

    • Check the Enable Single Logout box.

    • Signature Certificate: Click Browse to locate the certificate you saved earlier, then click Upload.

    • Click Save.

  4. Go back to the Symantec Endpoint Protection Cloud, Identity Provider settings:

    • Copy and paste the following metadata into the Import metadata (optional) field, then click Upload.

      Sign into the Okta Admin dashboard to generate this value.

    • Wait for the Sign In URL, Sign Out URL, IdP Entity ID, and Validation Certificate fields to be populated.

    • Click Save.

  5. Done!


The following SAML attributes are supported:

SP-initiated SSO

  1. Go to https://securitycloud.symantec.com/cc/#/landing.

  2. Click Sign In:

  3. Enter your Email Address.

  4. Click Sign In:

  5. symantec4.png