- Raise a ticket with AppCheck Support to have the SSO feature enabled for your account.
- Wait for the ticket to be completed.
- Log into the Okta admin site
- Open two tabs/windows (in addition to this guide):
  - Your Organisation settings page in the AppCheck scanner portal
    - Select the SSO Settings tab in the left-hand menu.
  - Your Okta admin portal
- In your Okta tab, navigate to Applications in the left-hand panel
- Click Create App Integration
- Select SAML 2.0, and press Next
- Provide a name for the new app integration, e.g. "AppCheck"
- Tick Do not display application
- Click Next
- Copy the Entity ID and Reply URL from the Service Provider Details section of your AppCheck tab and paste them into the matching fields in Okta (Audience URI, and Single sign-on URL)
- In your Okta tab, change the Name ID format field to "EmailAddress"
- Change the Application username field to "Email"
- In your AppCheck tab, download the X.509 Certificate
- In your Okta tab, upload the certificate to the Signature Certificate field, and tick the Signed Requests checkbox
- Optional: If you want to enable encryption for the assertions, change Assertion Encryption to "Encrypted", and upload the same X.509 Certificate you used for the signature to the Encryption Certificate field
- In your Okta tab, in the Attribute Statements section, create entries for "givenname" and "surname". These should point to the user's first and last name
- Click Next to save and finish your Okta app configuration
- Under the Sign On header, find the Metadata URL
- Copy this URL, and in your AppCheck tab, in the Identity Provider Settings section, click Upload XML Metadata, and paste the URL into the URL field.
- Press Upload.
- In your Okta tab, assign some users to the Okta app. These are the users that will be able to sign into AppCheck with SSO. This list can be amended later.
- In your AppCheck tab click Test SAML Config
- Wait for the test to succeed
- Tick Enable SAML authentication
- Click Update
Users whose email addresses match an assigned user in the Okta application can now sign in to AppCheck without being asked for their AppCheck password. If they are not already logged in to an Okta account in that browser session they will be redirected to Okta to log in.