
Okta SAML Configuration

Use this guide to create a new SAML integration with Okta for user authentication.

Requirements

  • Administrator access to the Okta tenant to create a new Application and Assignment for the application.
  • Administrator or Configuration Manager access to the 12Port Horizon tenant to create this configuration.
  • 12Port does not read accounts from the internal Okta user directory. These Okta users must originate from a directory source that is synced with Okta and integrated with 12Port, like Active Directory, or an accompanying Local User must exist in the 12Port tenant with an identical login name.

Okta Configuration

The first step is to create an Okta Application that is used for single sign-on user authentication.

  1. Log in to your Okta tenant with an account that can create a new Application and define Assignments.
  2. Navigate to Applications > Applications and click Create App Integration.
  3. On the Create a new app integration prompt, select the Sign-in method SAML 2.0.
  4. For the Create SAML Integration steps, follow the guidance provided below:
    • In General Settings, define an App name and optionally complete the remaining steps. Click the Next button to continue.
    • In SAML Settings, follow the guidance provided below and when complete, click the Next button to continue. All other parameters on this page not mentioned below can be left as their default.
      1. Single sign-on URL: Enter your full 12Port Tenant URL followed by /auth/login. For example: https://12port-contoso.com:6443/ztna/ProductionA/root/auth/login
      2. Audience URI (SP Entity ID): Enter your full 12Port Tenant URL followed by /auth/login. For example: https://12port-contoso.com:6443/ztna/ProductionA/root/auth/login
      3. Name ID Format: Unspecified - select this value.
      4. Application Username: Email - select this value.
    • On the Feedback page, complete the page as required and click Finish to complete the operation.
  5. After the Application is created, navigate to the Assignments page and assign all the People or Groups that should have access to this application. Assignment is required so that these users can authenticate into 12Port using the Okta SAML option.

12Port Tenant Configuration

The next step is to configure this Okta Application in your 12Port Tenant.

  1. Log in to the 12Port Tenant with an Administrator or Configuration Manager account.
  2. Navigate to Configuration > SAML and click the Add button.
  3. Click a parameter name for details about that parameter, or follow the guidance provided here:
    • Name: Enter a unique and recognizable name for this integration. This name will appear on the Login button for SAML authentication on the 12Port Login page for this tenant.
    • IdP Metadata: Copy and paste the Okta Metadata file content into this field in its entirety. You can retrieve this metadata file content from the Okta application created in the previous steps from its Sign On page. On this page, locate the Metadata URL, open this URL in your browser and copy/paste the complete content of this page into this parameter.
    • Backend Directory: Select the backend directory where the user with an identical Okta login is located. For example, if the Okta users are synced from Active Directory, and this Active Directory is integrated with 12Port, select this directory from the dropdown menu.
    • Provide Your Key Pair: Leave this option disabled to have 12Port import the key pair from Okta. If you have a Public/Private Key pair, enable this option and provide them in the respective Public Key, Private Key and Private Key Password parameters.
    • Enabled: Click this switch to enable this integration. Enabled SAML integrations will appear as separate login buttons on the 12Port Tenant login page.
  4. Click the Save button to complete this operation.

Verify your Okta SAML Integration

Return to the Configuration > SAML page, open the Actions menu for this integration, and select the Test Connection button to verify a successful integration. When prompted, authenticate using an account that was given Assignment in the Okta application and has permission to access this 12Port tenant. Once the authentication process is successful, you should be redirected into this Horizon tenant, confirming the integration is complete.

Additionally, you may open a new private browser window and navigate to the tenant's login page. On the page, you will see a blue button below the user form with the label "Login with <Name>". When you click this SAML login button, you are redirected to Okta to authenticate, and upon successful validation you are redirected into this tenant.

Login with Okta SAML

Note

If you experience any error messages during this authentication flow, please review your Okta configuration for resolution methods.