Add Okta Platform as a SAML identity provider for Zero Trust Network Access
In this topic, you will find instructions on how to add Okta Platform as a SAML identity provider for Portnox™ Zero Trust Network Access.
Prerequisites:
- You must first integrate your Portnox Cloud instance with your Okta Workforce Identity repository as an authentication provider. For more information, see the following topic: Integrate with Okta Workforce Identity.
Create a new identity provider configuration in Portnox Cloud
In this section, you will create a new SAML identity provider configuration in Portnox Cloud.
- In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/
  From now on, we will call this tab the Portnox tab.
- In the Cloud portal top menu, click on the Settings option.
- In the Cloud portal left-hand side menu, click on the menu option.
- Click on the Add a new identity provider link and from the drop-down menu, select the Add a SAML identity provider option.
- In the Identity provider details section, enter an Identity provider name and optionally a Description.
  In this example, we used the name Okta for the new identity provider but you can use any name you like.
- Keep this browser tab open. You will need it later.
Create a new Okta application
In this section, you will create a new Okta application that will handle integration with Portnox Cloud.
- In another tab of your browser, open your Okta admin console: https://your_tenant_name-admin.okta.com/.
  From now on, we will call this tab the Okta tab.
- In the left-hand side menu, click on the option.
- In the right-hand side pane, click on the Create App Integration button.
- In the Create a new app integration window, select the SAML 2.0 option, and then click on the Next button.
- In the Create SAML Integration pane, enter an App name, and then click on the Next button.
  In this example, we used the name Portnox ZTNA, but you can use any name you like.
Copy configuration values from the Portnox tab to the Okta tab
In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Okta application setup section.
- In the Portnox tab, in the Integration settings section, click on the ⧉ icon next to the Identifier (Entity ID) / Issuer URI field to copy the value.
- In the Okta tab, paste the value copied from Portnox Cloud into the Audience URI (SP Entity ID) field.
- In the Portnox tab, in the Integration settings section, click on the ⧉ icon next to the Assertion Consumer Service URL / Single Sign-on URL field to copy the value.
- In the Okta tab, paste the value copied from Portnox Cloud into the Single sign-on URL field.
- In the Okta tab, scroll to the bottom of the pane and click on the Next button. Then, in the Feedback step, click on the Finish button.
Copy configuration values from the Okta tab to the Portnox tab
In this section, you will copy the values displayed by the Okta application setup section and paste them in the relevant fields in Portnox Cloud.
- In the Okta tab, click on the Sign On tab, and then in the SAML 2.0 section, click on the More details link.
- In the Okta tab, click on the Copy link under the Sign on URL field.
- In the Portnox tab, in the Identity provider properties section, click on the empty field under the Login / Sign on URL heading and paste the value copied from Okta.
- In the Okta tab, click on the Copy link under the Issuer field.
- In the Portnox tab, in the Identity provider properties section, click on the empty field under the Entra Identifier / Issuer heading and paste the value copied from Okta.
- In the Okta tab, click on the Download button next to the Signing Certificate field to download the certificate file to your local disk.
- In the Portnox tab, click on the Add certificate link, select the Upload certificate file option, click on the Browse for file button, and select the file you just downloaded from Okta. Then, click on the Add certificate button.
Finalize the configuration
In this section, you will finalize the configuration in Portnox Cloud and in Okta.
- Finalize the configuration in the Portnox tab.
- Finalize the configuration in the Okta tab.
Result: You have added Okta as an identity provider for Portnox Zero Trust Network Access.
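If sign-in fails after setup, a common cause is one of the copied values having landed in the wrong field. The following added example (not Portnox or Okta code) decodes a SAMLResponse captured from your own browser session and compares its Issuer, Audience, Destination and Recipient with the configured values. All URLs and the sample response are constructed placeholders, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholder values standing in for the strings copied between tabs.
CONFIG = {
    "idp_issuer": "https://idp.example.invalid/issuer",   # Okta "Issuer"
    "sp_entity_id": "https://sp.example.invalid/entity",  # Portnox Entity ID = Okta "Audience URI"
    "acs_url": "https://sp.example.invalid/saml/acs",     # Portnox ACS URL = Okta "Single sign-on URL"
}

def build_sample(issuer, audience, acs):
    """Build a constructed, unsigned SAMLResponse (base64), shaped like the browser POST value."""
    xml = (
        f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{acs}">'
        f'<a:Assertion><a:Issuer>{issuer}</a:Issuer>'
        f'<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>'
        f'</a:SubjectConfirmation></a:Subject>'
        f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
        f'</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

def find_mismatches(b64_response, cfg):
    """Compare a SAMLResponse with the configured values. Diagnostic only:
    it does not verify the XML signature and must not be used to accept logins."""
    root = ET.fromstring(base64.b64decode(b64_response))
    a = "a:Assertion/"
    recipient = root.find(a + "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    seen = [
        ("idp_issuer", "Issuer", root.findtext(a + "a:Issuer", namespaces=NS)),
        ("sp_entity_id", "Audience", root.findtext(
            a + "a:Conditions/a:AudienceRestriction/a:Audience", namespaces=NS)),
        ("acs_url", "Destination", root.get("Destination")),
        ("acs_url", "Recipient", None if recipient is None else recipient.get("Recipient")),
    ]
    # Exact string comparison: a trailing slash or an http/https difference is a mismatch.
    return [f"{name}: got {value!r}, expected {cfg[key]!r}"
            for key, name, value in seen if value is None or value.strip() != cfg[key]]

if __name__ == "__main__":
    good = build_sample(CONFIG["idp_issuer"], CONFIG["sp_entity_id"], CONFIG["acs_url"])
    print(find_mismatches(good, CONFIG) or "all values match")
```

An Audience mismatch points at the Audience URI (SP Entity ID) field in Okta, a Destination or Recipient mismatch at the Single sign-on URL field, and an Issuer mismatch at the issuer value pasted into Portnox Cloud.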