Okta IdP SSO Integration Guide

Overview

Spambrella supports integration with Identity Providers for authentication adhering to Security Assertion Markup Language (SAML) standards. Multiple identity providers for an organization are fully supported.

Spambrella supports single sign-on (SSO) via SAML. An external IdP can be set up as your identity provider for SSO to the Admin Console.

Okta SAML/SSO Configuration

  1. Navigate to Administration > Account Management > Identity Providers.


  2. At the top right-hand corner, click ADD IDENTITY PROVIDER.
  3. In the New Identity Provider dialog panel, add a meaningful name and description to the Identity Provider. The given name will display on the Identity Provider button on the main login screen.


  4. In the Icon section, select the appropriate icon according to your desired integration (Okta).
  5. Click Next.

Configuring SAML/SSO In Okta Portal

  1. Log into Okta as administrator.
  2. Select Application > Add a New SAML App > Create SAML Integration.
  3. Give your app a name and select next.


  4. Copy and paste the values from Spambrella Identity Provider setup into the following fields.

    Okta                           Spambrella
    Single sign on URL             Login URL
    Audience URI (SP Entity ID)
    Single Logout URL              Logout URL

  5. Tick the "Use this for Recipient URL and Destination URL" checkbox.
  6. Change Name ID format to EmailAddress.
  7. Change Application username to Email.
  8. Under Signature Certificate, add the certificate from the Essentials IdP creation step (upload the file containing the certificate).
  9. Click Finish.
  10. Click View SAML setup Instructions.


  11. Copy and paste the values from the Okta SAML setup instructions into the Spambrella Identity Provider setup.

    Microsoft Azure                          Spambrella
    Identity Provider Issuer                 Identity Provider Single Sign-On URL
    Identity Provider Single Sign-On URL     Identity Provider Login URL
    Identity Provider Single logout URL      Identity Provider Logout URL
    X.509 Certificate                        Identity Provider X.509 Certificate

  12. Click Enable Single Sign-On. When enabled, the Identity Provider "Sign in with" button is displayed on the main login screen.
  13. Click Save and Close.
  14. Finally, ensure users or groups are assigned to the application to enable SSO usage.
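
To confirm that the Okta app settings took effect, capture one SAML Response from a test login, base64-decode it, and compare its fields with what steps 4 to 7 of the Okta portal configuration set. The Python check below is an added example, not Spambrella or Okta code; the URLs, the entity ID and the sample response are constructed placeholders, and it does not validate the signature.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed placeholders; substitute the values shown in your own IdP setup panel.
SP_LOGIN_URL = "https://sp.example.test/saml/login"
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"

def check_response(xml_text, login_url, entity_id):
    """Compare a decoded SAML Response with the Okta app settings from steps 4-7.

    Returns a list of mismatches. Signature validation is not performed here.
    """
    root = ET.fromstring(xml_text)
    problems = []
    # Steps 4-5: Destination and Recipient both reuse the single sign-on URL.
    if root.get("Destination") != login_url:
        problems.append("Destination != Login URL")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != login_url:
        problems.append("Recipient != Login URL")
    # Step 4: Audience URI (SP Entity ID).
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience != SP Entity ID")
    # Steps 6-7: NameID format EmailAddress, carrying the user's email.
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    return problems

# Constructed sample response (unsigned, trimmed to the fields being checked).
GOOD = f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}" Destination="{SP_LOGIN_URL}">
 <saml:Assertion>
  <saml:Subject>
   <saml:NameID Format="{EMAIL_FORMAT}">alice@example.test</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{SP_LOGIN_URL}"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""
# Same response as a misconfigured app would send it: wrong Recipient and NameID format.
BAD = (GOOD.replace(f'Recipient="{SP_LOGIN_URL}"', 'Recipient="https://other.example.test/acs"')
           .replace(EMAIL_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"))

if __name__ == "__main__":
    print(check_response(GOOD, SP_LOGIN_URL, SP_ENTITY_ID))
    print(check_response(BAD, SP_LOGIN_URL, SP_ENTITY_ID))
```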

FAQ

Will any other third-party Identity providers be made available in the future?

Spambrella seamlessly integrates with various third-party Identity Providers including Microsoft Azure Active Directory and Okta Identity Cloud. Further third-party Identity Providers will be added soon, including G Suite/Google Cloud Identity, as well as any SAML 2.0 capable system.

Will I receive a notification if my SSO settings are changed?

Yes, an email will be sent to the organization tech contact informing them of the change, including details of the type of change (Added, Deleted or Changed).

If I have an account on multiple sites, will I be prompted to enter a passcode for each account?

To ensure a greater security posture across all sites, if you have multiple accounts, you will be required to enter a passcode when logging in, per account, per site. Upon successful login, you will not be prompted to enter another passcode for 12 hours.

Will two-step authentication work with my SSO provider?

Yes, you can use your identity provider's two-step authentication process to log in.