This document provides instructions for creating an application within Okta for compatibility with BloodHound Enterprise. For general instructions on adding a SAML provider to BloodHound Enterprise, or for configuring users to utilize a SAML provider, see SAML in BloodHound Enterprise.
See SAML Order of Operations and Quick Reference before starting.
Create an Okta Application
- Navigate to the organization applications page and create a new SAML application integration.
- Give the application a name and an icon if desired.
- Once finished, click next to begin setting the SAML configuration for this application.
Okta SAML Settings
The following SAML settings are required for Okta to integrate with BloodHound Enterprise:
SAML Setting | Value |
Single sign on URL | https://<DOMAIN>.bloodhoundenterprise.io/api/v1/login/saml/<PROVIDER-NAME>/acs |
Audience URI (SP Entity ID) | https://<DOMAIN>.bloodhoundenterprise.io/api/v1/login/saml/<PROVIDER-NAME> |
Name ID format | EmailAddress |
Application username | |
<DOMAIN>: the subdomain of your tenant URL.
<PROVIDER-NAME>: the name chosen for the SAML provider within the BloodHound Enterprise configuration.
Okta Attribute Statements
The following attribute settings are required for Okta to integrate with BloodHound Enterprise:
Name | Name Format | Value |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | URI Reference | user.email |
Complete SAML Integration Configuration
- Once all the information is entered, your screen should look similar to the example below. Once confirmed, click next to continue.
- Complete creation of the SAML integration with the following options below:
- Once completed you should now see the application home page. You may then click on View Setup Instructions to view the integration setup details.
- Copy the metadata provided by Okta and save it into a metadata.xml file.
ATTENTION FIREFOX USERS: Firefox may prepend an additional heading to the metadata.xml file, resulting in an error creating the SAML integration within BloodHound Enterprise. If your extracted metadata.xml looks like the following, delete line 1 and try again. See https://support.mozilla.org/en-US/questions/1387904 for more details.
- Follow the instructions at SAML in BloodHound Enterprise to create the SAML provider in BloodHound Enterprise.
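A pre-upload check for the saved metadata.xml, added here as an example and not part of the original instructions or of BloodHound Enterprise's tooling: it flags any text ahead of the first XML tag (the Firefox case above) and confirms the file is SAML identity provider metadata. The function name, the sample document and every value in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def check_metadata(text):
    """Return a list of problems found in SAML IdP metadata text (empty list = OK)."""
    problems = []
    body = text.lstrip("\ufeff")  # tolerate a byte-order mark
    start = body.find("<")
    if start == -1:
        return ["no XML found"]
    junk = body[:start].strip().splitlines()  # text before the first tag is not metadata
    if junk:
        problems.append(f"{len(junk)} line(s) of non-XML text before the first tag: delete and re-save")
    body = body[start:]
    if "<!DOCTYPE" in body or "<!ENTITY" in body:  # metadata never needs a DTD
        return problems + ["DOCTYPE/ENTITY declaration present: not parsed"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return problems + [f"root element is {root.tag}, expected md:EntityDescriptor"]
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor: this is not identity provider metadata"]
    if idp.find(MD + "SingleSignOnService") is None:
        problems.append("no SingleSignOnService endpoint")
    if idp.find(".//" + DS + "X509Certificate") is None:
        problems.append("no X509Certificate for verifying assertions")
    return problems


# Constructed sample metadata (placeholder entityID, certificate and URL).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://idp.example/constructed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print(check_metadata(text) or "metadata looks OK")
```

Run it with the path to metadata.xml as the only argument; with no argument it checks the constructed sample.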