How To Configure Single Sign-On (SSO) using Okta Identity Management

This article describes how to set up Single Sign-On (SSO) in Spirion Sensitive Data Platform using Okta.

Before You Start

Required Fields

  • When filling out user mapping, the fields Id, Username, and Email all show a red star next to them to indicate that they are required.
  • Contact email, first name, and last name are also required fields.
  • Do not click the slider to enable Single Sign On until you have finished this process.

Okta is a cloud-based identity and access management (IAM) company that provides a platform to manage user identities and control access to applications and resources. It helps organizations secure their systems by verifying user identities, automating user lifecycles, and providing features like single sign-on (SSO) and multifactor authentication (MFA) to improve security and productivity. 

How to Set Up Single Sign-On (SSO) with Okta

How to Enable the Module

Procedure:

  1. In Spirion Sensitive Data Platform, in the blue navigation menu on the left side of the page, navigate to Settings > User Management > Single Sign On.

  2. At the top of the page, set the Enable Single Sign On slider to the left (disabled, grey) and leave it there until the very end of the process.
    1. This setting enables and disables SSO functionality.
    2. We recommend leaving it disabled until all settings are configured.
  3. Select the blue Edit button on the bottom right of the screen to configure Single Sign On with Okta.

How to Set Up an Okta App

Procedure:

  1. Navigate to your Okta admin page.
  2. Select Applications from the left-hand side of the screen.
  3. Select Create App Integration.
  4. Select the SAML 2.0 radio button from the list in the pop-up menu.

  5. Click Next.
  6. Enter a name for the SAML Integration App.
    1. In this example, we are using SpirionSSO.
    2. You may add a logo and hide the app on this screen if you wish.
  7. Click Next.
  8. Open the Sensitive Data Platform console in another browser window.
  9. Navigate to Settings > User Management > Single Sign On.
  10. Copy the URL from the Entity ID section.
  11. Paste the URL into the Single sign-on URL box and add /ACS to the end of the URL.
  12. Paste the URL again into the Audience URI field.
  13. Other settings can remain at their defaults. However, some organizations may require these settings to be completed in a specific way, so consult your Okta admin if in doubt.

How to Map Okta Data to Spirion Sensitive Data Platform SSO

Okta breaks up the data mapping into two sections.

  • Section One is the Attribute statements
  • Section Two is for Groups

Attribute Statements

The following table shows the matching of the attributes from the Spirion Console to Okta.

These mappings can change from organization to organization, with the exception of the Id URI, which must be http://schemas.microsoft.com/identity/claims/objectidentifier and must be mapped to user.id as shown in the first row of the table.

When filling out the Okta Attribute Statements, the URI goes in the Name field, the Name Format is always URI Reference, and the Value comes from the Okta Value column in the table below. Below the table is an example entry.

Sensitive Data Platform Console Attribute Name | URI of the Attribute (Name field on the Okta Attribute Statement screen) | Okta Value
Id | http://schemas.microsoft.com/identity/claims/objectidentifier | user.id
Username | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | User.displayname
Email | http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress | user.email
Contact Email | http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress | user.email
First Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName
Last Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.lastName
Phone Number | http://schemas.microsoft.com/ws/2008/06/identity/claims/phone | user.primaryPhone
Department | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department | user.department
Position | http://schemas.microsoft.com/identity/claims/jobtitle | user.title
Address | http://schemas.microsoft.com/ws/2008/06/identity/claims/location | user.postalAddress

Example Entry

Group Attribute Statements

The only attribute that goes into the Group Attribute Statement is the one for Spirion user Roles.

The URI that populates the Name field for this is: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

  • The filter selects the Okta group(s) that your organization wants to have access to Spirion Sensitive Data Platform (SDP).
  • You can have more than one filter.
  • For Roles to be assigned to users in Spirion Sensitive Data Platform, the users must be members of an Okta group that has been assigned to the SSO app.
  • For example, if you already have a group that you want to use, assign it to the SSO app; otherwise create a new group and add it to the SSO app.
  • Every user added to the group inherits those permissions.
  • Next, define the group settings by picking the filter that is easiest to associate with your groups.

Group Attribute Example: Group Attribute Statements (optional) pop-up box

  • Once this is complete, click Next.

Feedback

This page is optional.

  • However, Support recommends putting this guide in the supporting documentation box in case you need it for future reference.
  • Select the radio button indicating that this is an internal app and click Finish.

How to Link Okta with Spirion Sensitive Data Platform

Procedure:

  1. In Okta, on the left side navigation menu, click Applications.
  2. Click the application created in the previous section.
    • In our example, it is called SpirionSSO.
  3. Click Sign On from the ribbon in the middle of the screen.
  4. Click the blue Copy link under the Metadata URL in the SAML 2.0 box under Settings.

  5. Paste this URL into the box under Identity Provider Metadata in the Sensitive Data Platform console.

How to Configure Roles

The Roles Configuration section maps Okta directory groups to Spirion Sensitive Data Platform user Roles.

  • To configure this section, refer to the Group Attribute that was set up under the Group Attribute Statements section.
  1. Select the Spirion Sensitive Data Platform Role from the combo box on the left.
  2. Type the Okta group name into the box on the right.
  3. If you have more than one group, do this for EACH Okta group that was specified under the Group Attribute Statements.
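The following script is an added example and is not Spirion's or Okta's own code. It checks a SAML assertion's AttributeStatement against the claim URIs in the mapping table above and the groups claim from the Group Attribute Statements section, and reports the Spirion Role the user's Okta groups would map to under the Roles Configuration. The assertion, the user values, the group names and the group-to-Role map are all constructed for the example.

```python
# Added example, not Spirion's or Okta's own code: parse a SAML assertion's
# AttributeStatement and check it against this article's mapping table.
# All sample values (user id, names, group names, ROLE_MAP) are constructed.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"  # Okta "URI Reference"
# Console attribute name -> claim URI, from the article's table and Group section
CLAIMS = {
    "Id": "http://schemas.microsoft.com/identity/claims/objectidentifier",
    "Username": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "Email": "http://schemas.microsoft.com/ws/2008/06/identity/claims/emailaddress",
    "First Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "Last Name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "Roles": "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups",
}
# Required per "Before You Start"; Contact Email reuses the emailaddress URI.
REQUIRED = ["Id", "Username", "Email", "First Name", "Last Name"]

def build_sample(values: dict) -> str:
    """Build a constructed assertion (not a real Okta response) from {uri: [values]}."""
    attrs = "".join(
        f'<saml:Attribute Name="{uri}" NameFormat="{URI_FORMAT}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>" for uri, vals in values.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{attrs}</saml:AttributeStatement></saml:Assertion>")

def parse_attributes(assertion_xml: str) -> dict:
    """Return {claim URI: [values]} for each Attribute sent in the URI name format."""
    root = ET.fromstring(assertion_xml)
    return {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
            for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
            if a.get("NameFormat") == URI_FORMAT}  # Basic-format names would not match

def check_mapping(attrs: dict, role_map: dict) -> tuple:
    """Return (problems a console-side check would report, Spirion Roles granted)."""
    problems = [f"missing required attribute {n} ({CLAIMS[n]})"
                for n in REQUIRED if not any(v.strip() for v in attrs.get(CLAIMS[n], []))]
    roles = sorted({role_map[g] for g in attrs.get(CLAIMS["Roles"], []) if g in role_map})
    if not roles:
        problems.append("no Okta group in the assertion maps to a configured Role")
    return problems, roles

ROLE_MAP = {"SDP-Admins": "Administrator"}  # assumed Okta group -> Spirion Role
GOOD = build_sample({CLAIMS["Id"]: ["00u1abc"], CLAIMS["Username"]: ["Jane Doe"],
                     CLAIMS["Email"]: ["jane@example.com"], CLAIMS["First Name"]: ["Jane"],
                     CLAIMS["Last Name"]: ["Doe"], CLAIMS["Roles"]: ["SDP-Admins", "Staff"]})

if __name__ == "__main__":
    print(check_mapping(parse_attributes(GOOD), ROLE_MAP))  # ([], ['Administrator'])
```

A group name in the assertion that is not in the Roles Configuration (Staff above) is ignored, which is why each Okta group used in the filter must also be entered under Roles.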

How to Complete Single Sign-On in Spirion Sensitive Data Platform

Procedure:

  1. Once all fields in the sections above are completed, click Save.
  2. Slide the Enable Single Sign On bar to the right so that it is blue.
  3. Single Sign-On configuration with Okta is now complete.
