Okta Active Directory (AD) user synchronisation enables you to connect your Okta Active Directory to your Phriendly Phishing account. When an individual is configured in your AD, the new staff member is automatically synchronised to your Phriendly Phishing account. When an individual has been removed from your Okta AD, the individual is removed from your Phriendly Phishing account.
Here you will learn how to create an Okta application to synchronise Okta user groups to Phriendly Phishing.
Note: To create an Okta application you must have Super Admin access to your Okta instance. The Super Admin role has the highest permissions of all the admins within Okta.
If you have already set up an Okta application to allow SSO for Company Admins, please skip to 2.1.7 Configuring the Phriendly Phishing portal.
How to Set Up a SAML Application in Okta
1. Access your Okta Administration application with Super Administrator privileges.
2. Switch to Admin.
3. Navigate to Add Applications located in the Shortcuts menu.
4. Select Create New App.
5. Ensure Platform is set to Web.
6. Select the ‘SAML 2.0’ radio button.
7. Click Create.
1. Set App name to Phriendly Phishing (or a preferred name of your choosing).
2. Both App visibility options should be set to Do not display….
3. Click Next.
How to Configure SAML
1. Insert the value: https://launch.phriendlyphishing.com/company_admin/saml/acs
2. Tick Use this for Recipient URL and Destination URL.
3. Untick Allow this app to request other SSO URLs.
4. Insert the value PH2System into Audience URL (SP Entity ID).
5. Ensure Default RelayState field is blank.
6. For the Name ID format field select EmailAddress from the dropdown.
7. In the Application username select Email from the dropdown.
How to Configure SAML (Advanced Settings)
1. Click Show Advanced Settings.
2. Ensure the Response value is set to Signed.
3. Ensure Assertion Signature is set to Signed.
4. Ensure Signature Algorithm is set to RSA-SHA256.
5. Ensure Digest Algorithm is set to SHA256.
6. Ensure Assertion Encryption is set to Unencrypted.
7. Select Enable Single Logout.
8. In the Single Logout URL field, insert the value: https://launch.phriendlyphishing.com/company_admin/saml/logout
9. In the SP Issuer field insert the value: PH2System
10. In the Signature Certificate field click Browse...
- Navigate to the PhriendlyPhishingCertificate.cert provided with this guide.
- Select and open the PhriendlyPhishingCertificate.cert file.
- Click Upload Certificate.
11. Ensure Authentication context class is set to PasswordProtectedTransport.
12. Ensure Honor Force Authentication is set to Yes.
13. The SAML Issuer ID value will remain blank.
14. Click Next located at the bottom of the Create SAML Integration page.
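The values chosen in How to Configure SAML and in the Advanced Settings above appear in every response Okta issues for this application, so they can be checked after setup. The script below is an added example, not part of the original guide or of Okta's or Phriendly Phishing's code: it compares a base64-decoded SAML response with the guide's values. `audit_response` and `sample_response` are hypothetical names, the sample is a constructed skeleton, and the script reads the declared settings only; it does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Expected values: the ones this guide configures, as standard SAML/XML-DSig URIs.
ACS = "https://launch.phriendlyphishing.com/company_admin/saml/acs"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def audit_response(xml_text):
    """List the settings in a decoded SAML response that differ from the guide."""
    resp = ET.fromstring(xml_text)
    asrt = resp.find("a:Assertion", NS)
    if asrt is None:  # absent, or sent as EncryptedAssertion
        return ["no plain Assertion (guide: Assertion Encryption = Unencrypted)"]
    problems = []
    def expect(label, node, want, attr=None):
        got = None if node is None else (node.get(attr) if attr else node.text)
        if got != want:
            problems.append(f"{label}: got {got!r}, expected {want!r}")
    expect("Destination", resp, ACS, "Destination")
    expect("Audience", asrt.find(".//a:Audience", NS), "PH2System")
    expect("Name ID format", asrt.find("a:Subject/a:NameID", NS), EMAIL, "Format")
    expect("Authentication context class", asrt.find(".//a:AuthnContextClassRef", NS), PPT)
    for label, node in (("Response", resp), ("Assertion", asrt)):
        sig = node.find("ds:Signature", NS)  # enveloped signature: a direct child
        if sig is None:
            problems.append(f"{label} is not signed")
            continue
        for what, path, want in (("signature", "ds:SignatureMethod", RSA_SHA256),
                                 ("digest", "ds:Reference/ds:DigestMethod", SHA256)):
            expect(f"{label} {what} algorithm", sig.find("ds:SignedInfo/" + path, NS), want, "Algorithm")
    return problems

def sample_response(sig_alg=RSA_SHA256, sign_assertion=True):
    """Constructed response skeleton (no signature values), for this demo only."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{sig_alg}"/><ds:Reference>'
           f'<ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS}">{sig}'
            f'<a:Assertion>{sig if sign_assertion else ""}'
            f'<a:Subject><a:NameID Format="{EMAIL}">user@example.com</a:NameID></a:Subject>'
            f'<a:Conditions><a:AudienceRestriction><a:Audience>PH2System</a:Audience>'
            f'</a:AudienceRestriction></a:Conditions><a:AuthnStatement><a:AuthnContext>'
            f'<a:AuthnContextClassRef>{PPT}</a:AuthnContextClassRef></a:AuthnContext>'
            f'</a:AuthnStatement></a:Assertion></p:Response>')
```

An empty list from `audit_response` means every checked value matches the guide; feed it only responses captured from your own Okta tenant, since the standard-library XML parser is not hardened against hostile input.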
Configure SAML – Feedback
1. Select the radio button I'm an Okta customer adding an internal app.
2. Click Finish. You will now be redirected to the Sign On tab for the Phriendly Phishing application.
1. From the Sign On tab for the Phriendly Phishing application, locate the View Setup Instructions button.
2. Click View Setup Instructions.
3. Copy the text under the X.509 Certificate heading.
5. Paste the X.509 Certificate text to the X.509 Cert field located at https://www.samltool.com/fingerprint.php
6. Select sha256 in the Algorithm dropdown menu.
7. Click Calculate Fingerprint.
8. Copy the value in the Formatted FingerPrint field and paste it to notepad for later use.
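The fingerprint is the SHA-256 hash of the DER-encoded certificate, so it can also be calculated locally without pasting the certificate into a third-party site. The function below is an added example, not part of the original guide; `sha256_fingerprint` is a hypothetical name and the sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

def sha256_fingerprint(cert_text: str) -> str:
    """Colon-separated SHA-256 fingerprint of an X.509 certificate.

    Accepts the text as copied from Okta, with or without the
    BEGIN/END CERTIFICATE lines and with any line wrapping.
    """
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    body = re.sub(r"\s+", "", body)
    if not body:
        raise ValueError("no certificate data found")
    # validate=True rejects stray characters from a bad copy/paste.
    der = base64.b64decode(body, validate=True)
    # A certificate is a DER SEQUENCE, so it must start with byte 0x30.
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not a DER certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed stand-in bytes (a DER SEQUENCE header plus filler), NOT a real
# certificate; paste the text from Okta's setup instructions instead.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_PEM))
```

When comparing the result with a fingerprint from another tool, ignore letter case.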
How to Create API Token
1. Within Okta, navigate to API under the Security dropdown menu.
2. From the API page, click Create Token.
3. Enter a value for your API Token; in the example screenshot below we are using Phriendly Phishing Token.
4. Click Create Token.
5. Copy the Token Value to notepad for later use.
6. Once you have copied the Token Value click OK, got it.
How to Assign your User Group to the Okta Application
1. From the Phriendly Phishing Okta application select Assignments.
2. Click the Assign dropdown button.
3. From the dropdown click Assign to Groups.
4. Select Assign next to the Phriendly Phishing user group.
5. Click Done.
How to Configure the Phriendly Phishing portal
Note: Before configuring the Phriendly Phishing portal you will need to obtain the following information from Okta:
- Your Okta URL – the URL that you’re using to sign in to Okta.
- The Okta group containing the users that will sync with Phriendly Phishing.
- The API token value (created in Create API Token, Step 5).
1. In the dashboard, click on the settings cog located at the top right-hand side of your Phriendly Phishing portal.
2. Click on the User Synchronisation tab.
3. Select to expand Okta Synchronisation.
4. Fill in the fields with the required information.
5. Click Save Settings.
Please wait for Phriendly Phishing and Okta to sync user information overnight; the user data will be available the next day.
Reviewing and Importing user data
Once the user data has successfully synchronised you will be notified within the Phriendly Phishing portal.
1. Select the bell icon in the top right-hand corner of your dashboard.
2. Once the bell icon is expanded click on the message to navigate to the next step.
You will now be redirected to the Phriendly Phishing User Synchronisation settings page.
3. From the User Synchronisation settings page click Enabled for Okta Synchronisation.
4. Review the imported data; if the information is correct, click Sync Data From Okta.
5. You will receive a confirmation once the data is successfully imported; click Finish.
All users within your assigned Okta user group will now automatically sync to the Phriendly Phishing portal. Any new users that are added to the assigned Okta user group will also be synced to Phriendly Phishing moving forward.
Note: Users will only be added to Phriendly Phishing; they will not be scheduled automatically to receive simulated phishing emails. To configure this, please set up Auto Enrollment.