Okta Active Directory (AD) User synchronisation enables you to connect your Okta Active Directory to your Phriendly Phishing account. When an individual is configured in your AD then they will automatically synchronise this new staff member in your Phriendly Phishing account. When an individual has been removed from your Okta AD then the individual will be removed from your Phriendly Phishing account.
Here you will learn how to create an Okta application to synchronise Okta user groups to Phriendly Phishing.
Note: To create an Okta application you must have super admin access to your Okta instance. The Super Admin role has the highest permissions of all the admins within Okta.
If you have already set up an Okta application to allow SSO for Company Admins please skip to 2.1.8 Configuring the Phriendly Phishing platform.
1. How to set up a SAML Application in Okta
a. Access your Okta Administration application with Super Administrator privileges.
b. Switch to Admin.
c. Navigate to the Applications section located in the left panel.
d. Select Create App Integrations.
e. Select the ‘SAML 2.0’ radio button and click "Next"
f. Set the App name to Phriendly Phishing (or a preferred name of your choosing).
App visibility options should be set to "Do not display…."
2. Configure SAML
a. In the Single Sign-on URL, insert this value: https://launch.phriendlyphishing.com/company_admin/saml/acs
b. Tick Use this for Recipient URL and Destination URL.
c. Insert the value PH2System into the Audience URL (SP Entity ID).
d. Ensure the Default RelayState field is blank.
e. For the Name ID format field select EmailAddress from the dropdown.
f. In the Application username select Email from the dropdown.
3. How to Configure SAML (Advanced Settings)
a. Click Show Advanced Settings.
b. Ensure the Response value is set to Signed.
c. Ensure the Assertion Signature is set to Signed.
d. Ensure the Signature Algorithm is set to RSA-SHA256.
e. Ensure Digest Algorithm is set to SHA256.
f. Ensure Assertion Encryption is set to Unencrypted.
g. In the Signature Certificate field click Browse...
-
-
- Navigate to the PhriendlyPhishingCertificate.crt provided with this guide.
- Select and open the PhriendlyPhishingCertificate.cert file.
- Click Upload Certificate.
-
h. In the Enable Single Logout field, select "Allow application to initiate Single Logout"
i. In the Single Logout URL field, insert the value: https://launch.phriendlyphishing.com/company_admin/saml/logout
j. In the SP Issuer field insert the value: PH2System
k. Ensure the Authentication context class is set to PasswordProtectedTransport.
l. Ensure Honor Force Authentication is set to Yes.
m. The SAML Issuer ID value will remain blank.
n. Click Next located at the bottom of the Create SAML Integration page.
4. Configure SAML – Feedback
a. Select the radio button I'm an Okta customer adding an internal app.
b. Click Finish. You will now be redirected to the Sign On tab for the Phriendly Phishing application.
5. Generate Certification
a. From the Sign On tab for the Phriendly Phishing application, locate the View Setup Instructions button on the right panel.
b. Click View Setup Instructions.
c. Copy the text under the X.509 Certificate heading.
d. Open https://www.samltool.com/fingerprint.php
e. Paste the X.509 Certificate text to the X.509 Cert field located at https://www.samltool.com/fingerprint.php
f. Select sha256 in the Algorithm dropdown menu.
g. Click Calculate Fingerprint.h. Copy the value in the Formatted FingerPrint field and paste it to notepad for later use.
6. How to Create API Token
a. Within the Okta dashboard on the left panel, navigate to API under the Security dropdown menu.
b. From the API page, navigate to the "Token" page and click Create Token.
c. Enter a value for your API Token, in the below example screenshot we are using Phriendly Phishing Token.
d. Click Create Token.
e. Copy the Token Value to notepad for later use.
f. Once you have copied the Token Value click OK, got it.
7. How to Assign your User Group to the Okta Application
a. From the Phriendly Phishing Okta application select Assignments.
b. Click the Assign dropdown button.
c. From the dropdown click Assign to Groups.
d. Select Assign next to the Phriendly Phishing user group.
e. Click Done.
8. How to Configuring the Phriendly Phishing platform.
Note: Before configuring the Phriendly Phishing portal you will need to obtain the following information from Okta:
Okta URL |
Your Okta URL – the URL that you’re using to sign in to OKTA |
User Group |
Okta group that will sync containing users with Phriendly Phishing. |
Authentication Token |
Created in Create API Token, Step 5. |
a. In the dashboard, click on the settings cog located at the top right-hand side of your Phriendly Phishing portal.
b. Click on the User Synchronisation tab.
c. Select to expand Okta Synchronisation.
d. Fill in the fields with the required information.
Note: The AD security group name will be shown as a Segment under the Learners page.
e. We recommend using User Code as the unique identifier as it will update learners if their email address changes.
f. Select any additional attributes you would like to sync to the platform from the Search box.
g. Select Save Settings.
h. Once you have saved your configuration, you will be able to select Trigger Sync.
10. Reviewing and Importing user data
a. The sync process may take a few minutes to complete. Please refresh the page and you will be notified that the process is finished by the bell icon in the top right.
b. Prior to clicking Enabled button, it is recommended to Review processed data. If you are happy with the date, click Enabled for Okta Synchronisation.
d. You will receive a confirmation once the data is successfully imported, click Finish.
All users within your assigned Okta user group will now automatically sync to the Phriendly Phishing portal. Any new users that are added to the assigned Okta user group will also be synced to Phriendly Phishing moving forward.
Note: Users will only be added to Phriendly Phishing, they will not be scheduled automatically to receive simulated phishing emails. To configure this please set up Auto-Enrollment.
Explore Phriendly Phishing's award-winning course catalogue here!
Comments
0 comments
Please sign in to leave a comment.