Configuring SAML Single Sign-on

Since 5.15.0, MetaDefender Core has stopped supporting weak digest algorithms SHA1 and MD5. Customers who integrate MD Core with Okta SAML 2.0 are advised to update their Digest Algorithm option to a stronger algorithm if the option is configured in the current settings.

Please follow these steps to update your digest algorithm in Okta:

Sign to Okta console with your account.
In dashboard, expand Applications in the left sidebar and click Applications.
In your SSO integration, select General tab.
Navigate to SAML Settings and click Edit.
On Edit SAML Integration page, select Configure SAML tab.
Expand Advanced Settings, navigate to Digest Algorithm and select SHA256 or higher.

From MetaDefender Core,

Sign in to MetaDefender Core with your account.
Select your SSO directory and click Edit.
Under Identity Provider , click Fetch URL.
Fill the metadata URL with SAML metadata link from Okta.
Click Save Changes.

Create Okta application

Access https://www.okta.com/login/ and sign in.
In sidebar of dashboard, hit Applications to drop sub items down, then select Applications.
Click Create App Integration.

In Sign-in method, choose SAML 2.0 and click Next.

Fill App name, MDCore-SAML for example and click Next.

Create SAML directory in MetaDefender Core

Sign in to MetaDefender Core management console.
Under Dashboard, hit User Management in the left sidebar.
Under User Management, choose Directories tab and click Add directory in the top right.

In Add Directory page, select SAML for Directory Type.
Fill Name of the new directory, MDCore-SAML for example.
Under Service Provider, fill in Host or IP where MetaDefender Core is being hosted, https://localhost:8008 for this example.

Configure Okta

Switch to Applications screen in Okta home page.
Paste the Login URL from MetaDefender Core into Single sign on URL and set ID for Audience URI, metadefender_core-saml for example.

Scroll down, navigate to Attribute Statements and set mapping from Okta key name to the one set at User identified by in MetaDefender Core, then hit Next.

Choose your answer at Feedback screen and click Finish.
On the next screen, navigate to SAML Signing Certificates, choose the row that has value of column Status is "Active" then drop Actions down and click View IdP metadata.

Copy SAML Metadata link.

Switch to Applications screen in Okta, navigate to Assignments tab, and assign users for the application.

Complete configuration in MetaDefender Core

Switch to MetaDefender Core screen, under Identity Provider, click on Fetch URL.
Paste "SAML Metadata link" from Okta to the box under Fetch URL and click OK to ensure MetaDefender Core can set Okta as its IdP.

Under Service Provider, fill in user identity under User identified by with ${first_name}_${last_name} for example.
Select the appropriate role for the user under User Role.
Click Add to complete the settings.

In User Management screen, toggle the new directory, MDCORE-SAML in this example. A dialog box is shown to confirm the action. Once Enable is hit, all existing sessions will be expired immediately and Okta will be used to authenticate users going forward.

Test the integration

Browse MetaDefender Core, hit Login, user is redirected to Okta's sign-in page.

Sign in by the account registered in Okta.
If everything goes right, MetaDefender Core dashboard is shown with user identity set at the top right corner.

For troubleshooting, browse <mdcore-host>#/public/backuplogin.

Test IdP-initiated SSO

Sign in to Okta management page.
Navigate to Applications/ Applications on the sidebar.
Select the active SAML application.

In Sign On tab, find and hit View SAML setup instructions button.

In the new page, copy the URL under Identity Provider Single Sign-On URL section.

Paste the copied URL to a web browser and sign in.

If everything goes right, MetaDefender Core dashboard is shown with user identity set at the top right corner.

For troubleshooting, browse <mdcore-host>#/public/backuplogin.

Last updated on

Was this page helpful?