Single Sign On connects your Okta Active Directory with Phriendly Phishing so that company administrators can log in to the Phriendly Phishing dashboard.
Requirements: To create an Okta application you must have super administrator access to your company's Okta instance. This is the highest permission level.
Note: If you have already created an Okta application to synchronise users to the Phriendly Phishing portal, please skip to 2.1.7 Configuring the Phriendly Phishing portal.
How to set up a SAML application in Okta
1. Access your Okta Administration application with Super Administrator privileges.
2. Switch to Admin.
3. Navigate to Add Applications located in the ‘Shortcuts’ menu.
4. Select Create New App.
5. Ensure Platform is set to Web.
6. Select the SAML 2.0 radio button.
7. Click Create.
In General Settings
1. Set App name to Phriendly Phishing (or a preferred name of your choosing).
2. Both App visibility options should be set to Do not display….
3. Click Next.
How to Configure Okta SAML SSO
1. Launch Phriendly Phishing https://launch.phriendlyphishing.com/company_admin/saml/acs
2. Tick Use this for Recipient URL and Destination URL.
3. Untick Allow this app to request other SSO URLs.
4. Insert the value PH2System into ‘Audience URL (SP Entity ID)’.
5. Ensure the Default RelayState field is blank.
6. For the Name ID format field select EmailAddress from the dropdown.
7. In the Application username select Email from the dropdown.
How to Configure SAML – Advanced Settings
1. Click Show Advanced Settings.
2. Ensure the Response value is set to Signed.
3. Ensure Assertion Signature is set to Signed.
4. Ensure Signature Algorithm is set to RSA-SHA256.
5. Ensure Digest Algorithm is set to SHA256.
6. Ensure Assertion Encryption is set to Unencrypted.
7. Select Enable Single Logout.
8. In the Single Logout URL field, insert the value: https://launch.phriendlyphishing.com/company_admin/saml/logout
9. In the SP Issuer field insert the value: PH2System
10. In the Signature Certificate field click Browse.
- Navigate to the PhriendlyPhishingCertificate.crt provided with this guide.
- Select and open the PhriendlyPhishingCertificate.cert file.
- Click Upload Certificate.
11. Ensure the ‘Authentication context class’ is set to PasswordProtectedTransport.
12. Ensure Honor Force Authentication is set to ‘Yes’.
13. The SAML Issuer ID value will remain blank.
14. Click Next located at the bottom of the ‘Create SAML Integration’ page.
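Once single sign on is working, a decoded SAML response captured from your own test login can be compared against the values configured above. The following Python is an added example, not part of the original guide or of Phriendly Phishing's or Okta's tooling; the function name, the check table and the constructed sample response are assumptions, and the check reads declared values only without verifying any signature.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:"
NS = {"p": SAML + "protocol", "a": SAML + "assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://launch.phriendlyphishing.com/company_admin/saml/acs"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = SAML + "ac:classes:PasswordProtectedTransport"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SIG_METHOD = "ds:Signature/ds:SignedInfo/ds:SignatureMethod"
# (setting in the guide, element path, attribute or None for text, expected value)
CHECKS = [
    ("Destination URL", ".", "Destination", ACS),
    ("Recipient URL", ".//a:SubjectConfirmationData", "Recipient", ACS),
    ("Audience URL (SP Entity ID)", ".//a:Audience", None, "PH2System"),
    ("Name ID format", ".//a:NameID", "Format", EMAIL),
    ("Authentication context class", ".//a:AuthnContextClassRef", None, PPT),
    ("Response signature", SIG_METHOD, "Algorithm", RSA_SHA256),
    ("Assertion signature", "a:Assertion/" + SIG_METHOD, "Algorithm", RSA_SHA256),
    ("Digest Algorithm", ".//ds:DigestMethod", "Algorithm", SHA256),
]

def audit_response(xml_text):
    """List the settings in a decoded SAML response that differ from the guide.
    Compares declared values only; no signature is verified here."""
    root = ET.fromstring(xml_text)
    findings = []
    for label, path, attr, want in CHECKS:
        found = root.findall(path, NS)
        # A missing element (for example an unsigned assertion) is reported as None
        values = [e.get(attr) if attr else (e.text or "").strip() for e in found] or [None]
        findings += [f"{label}: expected {want!r}, got {v!r}" for v in values if v != want]
    return findings

# Constructed, abbreviated sample shaped like a decoded response (signature values omitted)
SIG_BLOCK = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
             f'<ds:SignatureMethod Algorithm="{RSA_SHA256}"/><ds:Reference>'
             f'<ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
SAMPLE_RESPONSE = (
    f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS}">{SIG_BLOCK}'
    f'<a:Assertion>{SIG_BLOCK}<a:Subject><a:NameID Format="{EMAIL}">admin@example.com</a:NameID>'
    f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/>'
    f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
    f'<a:Audience>PH2System</a:Audience></a:AudienceRestriction></a:Conditions>'
    f'<a:AuthnStatement><a:AuthnContext><a:AuthnContextClassRef>{PPT}'
    f'</a:AuthnContextClassRef></a:AuthnContext></a:AuthnStatement></a:Assertion></p:Response>')
```

`audit_response(SAMPLE_RESPONSE)` returns an empty list; each returned string names a setting from this guide that the response does not match.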
Configure SAML – Feedback
1. Select the radio button I'm an Okta customer adding an internal app.
2. Click Finish. You will now be redirected to the Sign On tab for the Phriendly Phishing application.
Generate Certification
1. From the Sign On tab for the Phriendly Phishing application, locate the View Setup Instructions button.
2. Click View Setup Instructions.
3. Copy the text under the X.509 Certificate heading.
4. Open https://www.samltool.com/fingerprint.php
5. Paste the X.509 Certificate text to the ‘X.509 Cert’ field located at https://www.samltool.com/fingerprint.php
6. Select sha256 in the Algorithm dropdown menu.
7. Click Calculate Fingerprint.
8. Copy the value in the Formatted FingerPrint field and paste it to notepad for later use.
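The same SHA-256 fingerprint can be computed offline from the copied certificate text, which also gives a second value to compare against the online result. The following Python is an added example, not part of the original guide; the function name, the constructed placeholder bytes standing in for a certificate, and the upper-case colon-separated output layout are assumptions.

```python
import base64
import hashlib
import re

def cert_fingerprint(cert_text, algorithm="sha256"):
    """Fingerprint of a PEM certificate as colon-separated upper-case hex.

    Accepts the text as copied from the X.509 Certificate box, with or without
    the BEGIN/END CERTIFICATE lines, and ignores line wrapping and whitespace.
    """
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    body = re.sub(r"\s+", "", body)
    if not body:
        raise ValueError("no certificate data found")
    # validate=True rejects stray characters from a bad copy and paste
    der = base64.b64decode(body, validate=True)
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not a DER certificate")
    # The fingerprint is the hash of the DER bytes, not of the PEM text
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed placeholder bytes (not a real certificate) so the example runs offline
SAMPLE_DER = b"\x30\x82\x00\x10" + bytes(range(16))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(cert_fingerprint(SAMPLE_PEM))
```

Compare the result with the Formatted FingerPrint value case-insensitively, since tools differ in the letter case they print.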
Create API Token
1. Within Okta, navigate to API under the Security dropdown menu.
2. From the API page, click Create Token.
3. Enter a value for your API Token. In the example screenshot below, we are using Phriendly Phishing Token.
4. Click Create Token.
5. Copy the Token Value to notepad for later use.
6. Once you have copied the Token Value click OK, got it.
Configuring the Phriendly Phishing portal
Before configuring the Phriendly Phishing portal you will need to obtain the following information from Okta:
| Information | Where to find it |
| --- | --- |
| Sign-in page URL | ‘Application’ page under ‘Sign On’ click the ‘View Setup Instructions’ button. |
| Logout page URL | ‘Application’ page under ‘Sign On’ click the ‘View Setup Instructions’ button. |
| Certificate Fingerprint | Generated in 2.1.6 Generate Certification, step 8. |
| Okta URL | Your Okta URL – the URL that you’re using to sign in to Okta |
| Admin Group | Okta group that will become ‘Company Admins’. |
| Authentication Token | Created in Create API Token, Step 5. |
1. Go to the settings cog in the top right-hand corner of your dashboard.
2. Select the User Synchronisation tab.
3. Select Okta.
4. Expand Single Sign On Setup.
5. Fill in the fields with the required information.
7. Click Save Settings.
8. Switch the Single Sign On Setup to Enabled.
Assign Administrators SSO Group to the Okta Application
1. From the Phriendly Phishing Okta application select Assignments.
2. Click the Assign dropdown button.
3. From the dropdown click Assign to Groups.
4. Select Assign next to the Phriendly Phishing administrators group.
5. Click Done.
All users in the Okta administrator group will now have the ability to access the Phriendly Phishing portal using their Okta credentials.