Exabeam Security Operations Platform Administration Guide

Set up Okta as your Identity Provider

If you use Okta as a third-party Single Sign-On (SSO) provider, you can integrate your Okta with Exabeam to ensure a secure login experience.

Before you set up the integration, ensure that you have your Okta Administrator available in case changes are needed on the Okta side.

Add the Exabeam Application in Okta

Before you set up the IdP settings in Exabeam, you must add an Exabeam Application in Okta. The attributes and SAML settings that you define will be needed for your Exabeam configuration.

  1. Add a custom SAML 2.0 application for Exabeam in your Okta Admin Console (https://<your-okta-domain>/admin).

    For full instructions, see the Okta documentation to Create SAML app integrations.

    During the setup, you will:

    1. Specify the URL for your Exabeam Security Operations Platform as both the Single sign-on URL and the Audience URI.

      This value acts as a placeholder while you complete the setup of your IdP configuration in the Exabeam Security Operations Platform. You will later return to and update this configuration with actual values.

    2. Choose your preferred values for the Name ID format, Application Username, and Update application username on.

  2. Specify which users and groups should be permitted to access the Exabeam Security Operations Platform using Okta.

    If you have not already done so, you will need to create a group for Exabeam access and assign users and rights to the group.

    Note: Group names cannot contain spaces.

    Take note of the group name as you will supply it in the next step.

    For full instructions, see the Okta documentation about User Management.

  3. Define the attribute statements that Okta will share with Exabeam.

    For full instructions, see the Okta documentation to Define Attribute statements.

    Note: Values are case sensitive. Later you will need to specify the exact values in the Query Attributes configuration of the Exabeam SSO Identity Provider.

    In the Attribute Statements section of the Create SAML Integration page, define the following attributes for your Exabeam application:

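    | Section | Okta Name | Value |
    | --- | --- | --- |
    | Attribute Statements | FirstName | user.FirstName |
    | Attribute Statements | LastName | user.LastName |
    | Attribute Statements | Email | user.email |
    | Attribute Statements | Username | user.email or user.login |
    | Group Statements | (Optional) Group | <exabeamGroupName> |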

    If you use multiple values for Exabeam (such as exabeam-users, exabeam-groups), you could, for example, define this field using the following filter:

    Starts with exabeam.

  4. Configure the app to trust Okta as an IdP.

    Follow any additional steps prompted by Okta to complete the setup. This may involve configuring attributes, mapping user profiles, and more.

  5. Test the integration to ensure that users can successfully sign in to the application using Okta credentials.

  6. If testing is successful, deploy the integration to make it active.

Add Okta as the IdP in Exabeam

  1. Add a Third-Party Identity Provider for Okta.

    During this workflow, you will enter information about the Exabeam Application that you set up in Okta. It is recommended to have both the Exabeam IdP configuration and your Okta Admin Console open at the same time.

    The following table identifies the fields that are relevant to configure Okta as the IdP:

    | Exabeam Field | Okta Inputs |
    | --- | --- |
    | Identity provider name | Okta |
    | SAML Entity ID | Identity Provider Issuer. In Okta, see Applications > Applications > Exabeam > Sign On > View SAML Setup Instructions. |
    | Login URL | Identity Provider Single Sign-On URL. In Okta, see View SAML Setup Instructions. |
    | Upload IdP Certificate | Copy or download the certificate. In Okta, see View SAML Setup Instructions. |
    | Logout URL and Logout Redirect URL | These fields are optional in the Exabeam Security Operations Platform and are generated automatically if left blank. If you want redirect links, enter them. |
    | Query Attributes | Match the attributes exactly to those you defined in Okta. See Step 3. |

  2. Configure the Exabeam properties in Okta.

    After you complete the setup, the Exabeam Security Operations Platform displays a summary of your IdP settings.

    In Okta, the Single sign-on URL must match the Assertion consumer URL shown in this summary, and the Audience URI (SP Entity ID) must match the Entity ID.

    1. Note both values and return to the Okta Admin Console and edit your SAML integration.

    2. Go to Applications > Applications > Exabeam > Sign On. In Settings click Edit.

    3. Enter the Assertion consumer URL value from the Exabeam configuration in the Single sign-on URL field.

    4. Enter the Audience URI from the Exabeam configuration in the Entity ID field.

    5. Click Next.

  3. Configure groups mapping in the Exabeam Security Operations Platform.

    Ensure that group mapping matches the name of the group created in Okta.

    For more information on this step, see Step 5.

  4. Test logging in to the Exabeam Security Operations Platform to make sure your users can now access it using their Okta credentials.
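
If the test login fails, the usual causes are the ones this procedure warns about: attribute names that differ in case, a group name containing a space, or a Single sign-on URL or Audience URI that was never updated from its placeholder. The following Python check is an added example, not part of the Exabeam guide or of either product. It compares a decoded SAML response from your own test login against the values shown in the Exabeam IdP summary; the URLs, user and group values are constructed placeholders, and the script compares fields only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email", "Username")  # names from the table above

# Constructed sample response with two deliberate mistakes: "email" and a spaced group.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://exabeam.example.com/acs">
<a:Assertion><a:Conditions><a:AudienceRestriction>
<a:Audience>https://exabeam.example.com/sp</a:Audience>
</a:AudienceRestriction></a:Conditions><a:AttributeStatement>
<a:Attribute Name="FirstName"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
<a:Attribute Name="LastName"><a:AttributeValue>Lee</a:AttributeValue></a:Attribute>
<a:Attribute Name="email"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
<a:Attribute Name="Username"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
<a:Attribute Name="Group"><a:AttributeValue>exabeam users</a:AttributeValue></a:Attribute>
</a:AttributeStatement></a:Assertion></p:Response>"""

def check_response(xml_text, acs_url, entity_id, mapped_groups):
    """Return a list of mismatches between a decoded SAML response and the SP settings."""
    root = ET.fromstring(xml_text)  # input: a response captured from your own test login
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != Assertion consumer URL")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience != Entity ID")
    attrs = {a.get("Name"): [v.text or "" for v in a.iterfind("a:AttributeValue", NS)]
             for a in root.iterfind(".//a:Attribute", NS)}
    for name in REQUIRED:
        if name not in attrs:  # exact, case-sensitive comparison
            near = [n for n in attrs if n.lower() == name.lower()]
            hint = f" (found {near[0]!r}: case mismatch)" if near else ""
            problems.append(f"missing attribute {name}{hint}")
    groups = attrs.get("Group", [])
    problems.extend(f"group name contains a space: {g!r}" for g in groups if " " in g)
    if mapped_groups and not set(groups) & set(mapped_groups):
        problems.append("no asserted group matches the Exabeam group mapping")
    return problems

if __name__ == "__main__":
    for p in check_response(SAMPLE, "https://exabeam.example.com/acs",
                            "https://exabeam.example.com/sp", ["exabeam-users"]):
        print("MISMATCH:", p)
```

An empty list means every compared field lines up; any entry names the setting to correct in Okta or in the Exabeam IdP configuration.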