Set up SSO with Okta

My OPSWAT Portal offers an integration with a 3rd-party Single Sign-on Service (SSO).

My OPSWAT Portal uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0), so that you can integrate easily with any large identity provider that supports SAML 2.0.

To get started, go to your identity provider's website and follow the instructions to configure a SSO application for My OPSWAT Portal.

1. Log into Okta as an Administrator

2. Navigate to Applications and click on the application you want to configure

3. From the General tab > SAML Settings > Select Edit button

4. In the Configure SAML step, select:

   1. Name ID format = EmailADdress to match username of My OPSWAT Portal
   2. Attribute Statements (optional):

5. In the Configure SAML step, Attribute Statement (Optional), and filling as below image and save.

6. Access Applications > Application > Sign On > SAML Signing Certificates

7. Click on Generate new certificate to add new Cert

8. Click Action at the cert row > Select Activate > Save the certificate

9. Select Action > View Idp metadata and save this file (Save cert file also)

10. Contact My OPSWAT support team via Support Service and provide all below info:

    • Ticket Summary: “Integrate Okta with My OPSWAT Portal”

    • Description:

      • Customer Company Name: <your company name>

      • Domain name: <__opswat.com (It must be a valid domain, if not it will not be accepted)>

      • Short description for the request ticket:

        • How many users?

        • Do you have Organization?

          • No: please provide Organization name, email of the first Admin.(We will create an Organization and add the first Admin for this Org, then you can invite user to the Organization)
          • If Yes: skip this info

        • OPSWAT will redirect users to authenticate by the configured IDP based on provided domain name or specific user. Do you have any specific users in IDP with different domain emails?

          • If No: skip this info
          • If Yes: Please provide a list user emails

    • Metadata file (Which is downloaded from step #9)

    • Certìicate file

11. Waiting response from Support Team, they will provide back to you IdP Start URL

12. Access to the Application, in the Configure SAML step > Edit and move to General > SAML Settings > Edit

13. Then use the IdP Start URL is provided at step #11 to correct it in SAML Settings and click Save button.

14. Now you need to assign people/groups who can access this application on Okta