Knowledge base
Knowledge base
Breadcrumbs

Okta Identity Provider Configuration

Last Updated: 2025-04-10


Purpose

This article provides instructions to set up and configure Okta Identity provider (IdP) for OUTSCAN or HIAB using Security Assertion Markup Language (SAML) protocol.

Introduction

The Okta Identity Provider configuration enables integration between the Outpost24 platform and the Okta identity and access management service using the Security Assertion Markup Language (SAML) protocol. Okta acts as an external identity provider that authenticates users and returns verified identity information to the application during the login process. This allows users to access the platform through Single Sign-On (SSO), where authentication is performed by Okta rather than directly by the application.

By configuring Okta as the identity provider for OUTSCAN or HIAB, organizations can connect the platform to their centralized identity management infrastructure. When a user attempts to sign in, the authentication request is redirected to Okta, which verifies the user credentials and returns a trusted SAML assertion to the platform. This assertion confirms the user identity and allows the system to grant access without requiring a separate password within the platform itself.

Using Okta for authentication improves both security and administrative efficiency. Centralized identity management allows organizations to enforce consistent authentication policies, including multi-factor authentication and user lifecycle management, across multiple systems. It also reduces the need to maintain separate user credentials while providing a unified login experience for users accessing security and vulnerability management tools.

Okta Configuration

This section describes the steps to configure Okta (IdP) by creating an application in order to integrate with OUTSCAN or HIAB solution.

Create an application

To create an application:

  1. Login to Okta portal with administrative privileges and then navigate to Applications/Applications in the left menu as shown below:

    image2022-6-13_17-20-48.png



  2. Then click the Create App Integration button that will open a window to create a SAML application integration.

    image2022-6-13_17-23-26.png



  3. Select SAML 2.0 and then click the Next button. This open a new window to create the application.

  4. Name the application and provide a logo and click on the Next button.

    image2022-6-14_9-19-4.png



  5. Once the general settings are entered, continue to the SAML configuration step where you need to add OUTSCAN or HIAB URL. Adjust both Single sign on URL and Audience URI (SP Entity ID) by replacing <OUTSCAN/HIAB_FQDN_OR_IP> with the FQDN or IP address of your OUTSCAN or HIAB setup in the following text:

  • Single sign on URL

SAML Settings

https://<OUTSCAN/HIAB_FQDN_OR_IP>/opi/XMLAPI?ACTION=SAMLRESPONSE&UUID=<customeruuid>

  • Audience URI (SP Entity ID)

SAML Settings

https://<OUTSCAN/HIAB_FQDN_OR_IP>/opi/XMLAPI?ACTION=SHOWSPMETADATA&UUID=<customeruuid>

The <customeruuid> must be replaced by the uuid value that matches your account. You can find the customeruuid value in the SP metadata XML file that you downloaded from Outpost24 OUTSCAN/HIAB by clicking on the SP Metadata button in Identity Provider integration window. The XML file contains several URLs with 'UUID=' pattern, just take the value from here. For instance a valid customer uuid is like this 1c428568-91ff-4c40-8537-d0d523b22ed3.

  1. Your configuration should then look as follow:

image2022-6-15_11-8-3.png



  1. To allow the OUSTCAN or HIAB application to properly identify the Identity during the authentication phase, you need to declare the same attribute in both OUTSCAN or HIAB and the identity Provider (IdP). In Okta, this can be done by adding an attribute as shown below.

    image-20250313-140230.png

Attribute Name considerations

The uid is a reserved name in Outpost24 software to truncate the USERNAME to the part below the @ sign, meaning that if you want to use email address as USERNAME, you can not use uid as attribute name, but you can use any other string (such as emailAddress).



  1. Once done, you can preview the SAML assertion and then click the Next button.

    image2022-6-14_11-55-54.png


  2. After answering Okta Support question, click the Finish button to create the application.

    image2022-6-14_11-58-14.png


  3. Once you have created the OUTSCAN or HIAB application on Okta Identity Provider, you need to assign users or groups to this application. In our example below we are using a group that makes management easier.
    Open the Assignments tab and click on the Assign button.

  4. Select Assign to Groups to start assigning groups to the application.

    image2022-6-14_12-5-47.png



  5. Choose a group to assign and click on the blue Assign text.

    image2022-6-14_12-8-12.png



  6. When the users or groups has been assigned to the application, click the blue Done button.

    image2022-6-14_12-9-57.png



  7. Your assignment is now populated.

OUTSCAN or HIAB Configuration

To configure OUTSCAN/HIAB to use OneLogin as identity provider, you need to achieve the following steps:

  • Retrieving the metadata file describing the identity provider

  • Adjust the metadata file (if needed)

  • Uploading the metadata file in OUTSCAN/HIAB

Retrieve Identity Provider Metadata file

To retrieve the IdP metadata file, you need to open the Sign On tabulation of your application.

image2022-6-14_12-36-53.png


Then scroll down to the SAML Signing Certificates section and then click on the Actions button menu to View the IdP metadata.

image2022-6-14_12-38-30.png


This opens a new page in your browser that you can save on your computer and reuse later while configure the IdP in OUTSCAN or HIAB software.

Adjust Identity Provider Metadata File

To integrate an Identity Provider (IdP) in OUTSCAN or HIAB, you have to upload the SAML Metadata file describing the IdP. This file must comply to the SAML standard.

Upload the SAML Metadata File

Adjust the SAML metadata file from your identity provider to meet platform requirements and enable successful Single Sign-On integration in OUTSCAN or HIAB.

Setting Up Identity Provider

Configure identity provider settings to enable SAML-based single sign-on and centralized authentication for secure access to OUTSCAN or HIAB.

When setting up a SSO for a sub-user, the UID must be the same as the e-mail address.

Netsec_Maintaning_User_Account_SSO_Subuser.png


Test the Integration

SP initiated SSO, for example from Outpost24 

  1. Go to https://outscan.outpost24.com. (or alternatively go to your HIAB https://<hiab-ip-address> if you integrate Okat with HIAB)

  2. Enter your username.

  3. Click on Single Sign-On.

  4. Enter your username and password on the Okta page you have been redirected to.

  5. Click Sign In.

  6. You will be redirected to OUTSCAN and authenticated.


If you have 2-factor authentication enabled on OUTSCAN, you must provide it before you log in.

IdP initiated SSO, for example from Okta

  1. Login to okta <YourDomain>.okta.com.

  2. Click on <Outscan/Hiab> to be redirected to Outpost24 OUTSCAN/HIAB

  3. You are redirected to either NetSec or Portal UI depending on the settings you set in NetSec UI Identity provider integration window.

Reference

Okta SAML concepts overview: https://developer.okta.com/docs/concepts/saml/

Okta SAML integration: https://developer.okta.com/docs/guides/build-sso-integration/saml2/main/



Related Articles