Okta
Solution Summary
Okta can integrate with RSA Cloud Authentication Service using SAML. When integrated with Cloud IdP,
Okta can challenge users with policy- and context-driven multifactor authentication. When integrated with
Application Portal (Identity Router) IdP, Okta can challenge users with policy- and context-driven
multifactor authentication and provide Single Sign-On (SSO).
RSA SecurID Access Features              Okta
On Premise Methods
  RSA SecurID                            ✔
  On Demand Authentication               ✔
  Risk-Based Authentication (AM)         -
Cloud Authentication Service Methods
  Authenticate App                       ✔
  FIDO Token                             ✔
SSO
  SAML SSO                               ✔
  HFED SSO                               -
Identity Assurance
This section indicates which authentication methods are supported by integration point. The next section
(Configuration Summary) contains links to the appropriate configuration sections for each integration
point.
[Table columns: Authentication Methods | REST | IDR SAML | Cloud SAML | HFED | RADIUS]
[Table columns: Authentication Methods | REST | RADIUS | UDP Agent | TCP Agent]
✔ Supported
- Not supported
n/t Not yet tested or documented, but may be possible
Configuration Summary
All of the supported use cases of RSA SecurID Access with Okta require both server-side and client-side
configuration changes. This section of the guide includes links to the appropriate sections for configuring
both sides for each use case.
RSA Cloud Authentication Service – Okta can be integrated with RSA Cloud Authentication Service in
the following way(s):
SAML via RSA Identity Router (IdP)
Cloud Authentication Service – Identity Router IdP Configuration
Okta SAML SP Configuration
SAML via RSA Cloud (IdP)
Cloud Authentication Service – Cloud IdP Configuration
Okta SAML SP Configuration
2. On the Basic Information page, specify the application name and click Next Step.
In the Identity Provider URL field, copy the URL which will be needed later.
Select Choose File and upload the private key.
Select Choose File and upload the public certificate.
In the Assertion Consumer Service (ACS) URL field, replace <mycompany> with your Okta
subdomain.
In the Audience (Service Provider Entity ID) field replace <string> with the value from page 9 of
Okta SAML SP Configuration section.
7. Scroll down to the User Identity section. Set the Identifier Type to unspecified and Property to mail.
9. On the User Access page, select the desired user policy from the drop-down list.
Refer to the Okta SAML Configuration section for instructions on how to configure the service provider
for SAML SSO.
3. Click the Add a Relying Party button on the My Relying Parties page.
4. From the Relying Party Catalog select the +Add button for Service Provider SAML.
5. Enter a name for the Service Provider in the Name field on the Basic Information page and click
Next Step.
6. On the Authentication page, select RSA SecurID Access manages all authentication.
7. From the Primary Authentication Method pulldown, select your desired login method, either Password
or SecurID.
8. From the Access Policy pulldown select a policy that was previously configured.
11. Select Choose File and select the file you downloaded in step 11 of Okta SAML SP Configuration
section.
Note: The ACS URL, Service Provider Entity ID, and SP signs certificate are now populated.
12. Select the Download Certificate button. This will be needed to configure Okta in step 9 of Okta
SAML SP Configuration section.
13. Select Save and Finish.
14. On the top menu click Publish Changes.
15. Return to Okta’s management page and replace the temporary IDP certificate with the certificate you
downloaded in the Okta SAML SP Configuration section.
Refer to the Okta SAML Configuration section for instructions on how to configure the service provider
for SAML SSO.
6. Select Browse and upload a temporary certificate. You will need to return to this step to replace the
temporary certificate with the RSA IdP certificate once the RSA side is configured.
7. Enter the entityID in the IDP Issuer field.
8. Enter the location URL in the IDP Login URL field, in format
9. Select IDP Binding method HTTP-Post.
10. Select the checkbox Enable SP Initiated SAML and click Save Endpoint.
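The entityID, location URL and IdP certificate entered in steps 6 to 9 can be read from SAML IdP metadata rather than copied by hand, and the certificate fingerprint shows whether the temporary certificate from step 6 has been replaced. The following Python is an added example, not code from RSA or Okta; it assumes the IdP's SAML metadata is available as XML, and the function names, the example.test host names, the filler certificate bytes and the HTTPS-only check are assumptions of the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample: placeholder host names; the "certificate" is filler bytes.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed filler, not a real cert").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/sso/redirect"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleSignOnService Location="https://idp.example.test/sso/post" Binding="{HTTP_POST}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(cert_b64: str) -> str:
    """SHA-256 over the decoded certificate bytes, whitespace ignored."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def okta_idp_values(metadata_xml: str) -> dict:
    """Extract IDP Issuer, IDP Login URL and signing-cert fingerprints."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declaration in metadata; refusing to parse")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not IdP metadata: entityID or IDPSSODescriptor missing")
    post = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == HTTP_POST]
    if len(post) != 1 or not post[0].startswith("https://"):
        raise ValueError("expected exactly one HTTPS endpoint with HTTP-POST binding")
    fps = [fingerprint(c.text) for k in idp.findall("md:KeyDescriptor", NS)
           if k.get("use") in (None, "signing")
           for c in k.iterfind(".//ds:X509Certificate", NS) if c.text]
    if not fps:
        raise ValueError("no signing certificate in metadata")
    return {"idp_issuer": root.get("entityID"), "idp_login_url": post[0],
            "signing_cert_sha256": fps}

def temporary_cert_still_in_place(configured_cert_b64: str, metadata_xml: str) -> bool:
    """True when the certificate held by the SP is not one the IdP publishes."""
    known = okta_idp_values(metadata_xml)["signing_cert_sha256"]
    return fingerprint(configured_cert_b64) not in known
```

Pass the base64 body of the certificate currently uploaded at the service provider to `temporary_cert_still_in_place`; a `True` result means the temporary certificate has not yet been swapped for the IdP's.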