SAML: Okta Configuration

This article applies to BHCE and BHE

This document provides instructions for creating an application within Okta for compatibility with BloodHound Enterprise. For general instructions on adding a SAML provider to BloodHound Enterprise, or for configuring users to utilize a SAML provider, see SAML in BloodHound Enterprise.

See SAML Order of Operations and Quick Reference before starting.

Create an Okta Application

  1. Navigate to the organization applications page and create a new SAML application integration.
  2. Give the application a name and an icon if desired.
  3. Once finished, click Next to begin setting the SAML configuration for this application.

Okta SAML Settings

The following SAML settings are required for Okta to integrate with BloodHound Enterprise:

Single sign on URL: https://<DOMAIN>.bloodhoundenterprise.io/api/v1/login/saml/<PROVIDER-NAME>/acs
    <DOMAIN>: the subdomain of your tenant URL.
    <PROVIDER-NAME>: the name chosen for the SAML provider within the BloodHound Enterprise configuration.

Audience URI (SP Entity ID): https://<DOMAIN>.bloodhoundenterprise.io/api/v1/login/saml/<PROVIDER-NAME>
    <DOMAIN>: the subdomain of your tenant URL.
    <PROVIDER-NAME>: the name chosen for the SAML provider within the BloodHound Enterprise configuration.

Name ID format: EmailAddress

Application username: Email

Okta Attribute Statements

The following attribute settings are required for Okta to integrate with BloodHound Enterprise:

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Name Format: URI Reference
Value: user.email

 

Complete SAML Integration Configuration

  1. Once all the information is entered, your screen should look similar to the example below. Once confirmed, click Next to continue.
    mceclip2.png
  2. Complete creation of the SAML integration with the options below:
    mceclip3.png
  3. Once completed, you should see the application home page. You may then click View Setup Instructions to view the integration setup details.
  4. Copy the metadata provided by Okta and save it into a metadata.xml file.

    ATTENTION FIREFOX USERS: Firefox may prepend an additional heading to the metadata.xml file, resulting in an error when creating the SAML integration within BloodHound Enterprise. If your extracted metadata.xml looks like the following, delete line 1 and try again. See https://support.mozilla.org/en-US/questions/1387904 for more details.

    mceclip5.png
  5. Follow the instructions at SAML in BloodHound Enterprise to create the SAML provider in BloodHound Enterprise.
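
The Firefox issue in step 4 can be caught before the file is uploaded. The following is an added example, not part of the original article or of BloodHound's code: it drops any text that precedes the first XML line and then confirms the file has the structure of SAML identity provider metadata. The function names and the sample metadata (placeholder entity ID, URL and certificate) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def strip_leading_text(text):
    """Return (xml, dropped): everything from the first line starting with '<',
    plus the lines that came before it (e.g. a heading the browser prepended)."""
    lines = text.lstrip("\ufeff").splitlines()
    for i, line in enumerate(lines):
        if line.lstrip().startswith("<"):
            return "\n".join(lines[i:]), lines[:i]
    raise ValueError("no XML content found")

def check_idp_metadata(text):
    """Validate the structure of SAML IdP metadata; raise ValueError on problems."""
    xml, dropped = strip_leading_text(text)
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        raise ValueError("root must be md:EntityDescriptor with an entityID")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("missing md:IDPSSODescriptor")
    sso = [e.get("Location", "") for e in idp.findall(MD + "SingleSignOnService")]
    if not sso or not all(u.startswith("https://") for u in sso):
        raise ValueError("need at least one SingleSignOnService, all over https")
    certs = [c for c in idp.iter(DS + "X509Certificate") if (c.text or "").strip()]
    if not certs:
        raise ValueError("no signing certificate (ds:X509Certificate) present")
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "certificates": len(certs), "dropped_lines": dropped}

# Constructed sample: placeholder values, with one stray line in front of the XML.
SAMPLE = """(constructed stand-in for a heading prepended by the browser)
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/EXAMPLE-PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>PLACEHOLDER-NOT-A-REAL-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.okta.com/app/placeholder/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE))
```

A non-empty `dropped_lines` in the result means the saved file had text in front of the XML; save the cleaned XML returned by `strip_leading_text` as metadata.xml before creating the provider.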
