This article outlines how to set up AuditFindings for single sign on via Okta. The basic steps are outlined below.
- Obtain Okta configurations from your Okta server
- Enter Okta settings in AuditFindings
- Save and Sync.
- Add users to the AuditFindings application within Okta.
- Within AuditFindings, Save and Sync to import users from Okta.
Explanations of these basic steps are given below.
STEP 1 OBTAIN OKTA SETTINGS
The Okta settings are entered on the AuditFindings Administration > Single Sign on page. On that page you will need to enter the following:
- Okta Domain
- Client ID
- API Token
Once these items are entered, a Login Link is generated that Okta users can then use.
The following explains how to obtain each of these configuration items from your Okta server so they can be entered into AuditFindings.
OBTAIN OKTA DOMAIN
Obtain the Okta Domain of your Okta server; your Okta administrator should have this information.
OBTAIN CLIENT ID
Create an AuditFindings application in Okta to obtain a Client ID. The process to create the application and obtain the Client ID is as follows.
Select Applications from the Applications menu.
Select Add Application.
Select Create New App.
Select Web - OpenID Connect.
Enter the appropriate settings on the OpenID Connect Integration page.
- Application Name: AuditFindings (or whatever you would like to call it)
- Application Logo: optional; our logo is attached to this help article.
- Client Credentials: blank
- Client acting on behalf of a user
- Authorization Code: checked
- Implicit (Hybrid)
- Allow ID token with implicit grant type: checked
- Login redirect URIs: https://secure.auditfindings.com/member/login/okta
- Logout redirect URIs: blank
- Login initiated by: Either Okta or App
- Application visibility
- Display application icon to users
- Login Flow: redirect to app to initiate login (OIDC Compliant)
The Client ID is near the bottom of the page in the Client Credentials section.
OBTAIN API TOKEN
When you create the API token, make sure you copy the token value: it cannot be retrieved again. If it is not copied at that time, a new token must be created.
Select API from the Security dropdown menu.
Select Create Token.
Name the token: AuditFindings.
Copy the token value: this will be entered into the AuditFindings SSO settings.
In addition to the API token, a Trusted Origin must be configured.
Select Trusted Origins > Add Origin.
Configure the Origin Settings:
- Name: AuditFindings
- Origin URL: https://secure.auditfindings.com
- CORS: Checked
- Redirect: Checked
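Before entering the collected values into AuditFindings, it helps to check that they are consistent with each other: that the Okta Domain is a bare https origin, that the Client ID and API token were actually captured, and that the Login redirect URI's origin is covered by a Trusted Origin with both CORS and Redirect enabled. The following is an added example (not AuditFindings or Okta code); the settings dictionary and its keys are constructed for illustration, and the domain, Client ID and token values are placeholders.

```python
"""Consistency check for the Okta / AuditFindings SSO settings listed in this article.
Added example; not part of AuditFindings or Okta. Field names are constructed."""
from urllib.parse import urlsplit

# Constructed sample of the values the article tells you to collect and enter.
SAMPLE_SETTINGS = {
    "okta_domain": "https://example.okta.com",      # placeholder tenant
    "client_id": "0oaEXAMPLECLIENTID",               # placeholder Client ID
    "api_token": "00EXAMPLEAPITOKEN",                # placeholder; Okta shows the real one once
    "login_redirect_uris": ["https://secure.auditfindings.com/member/login/okta"],
    "trusted_origins": [
        {"name": "AuditFindings", "origin": "https://secure.auditfindings.com",
         "cors": True, "redirect": True},
    ],
}


def origin_of(url):
    """Scheme + host (+port) of a URL, which is what an Okta Trusted Origin must match."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"


def check_sso_settings(s):
    """Return a list of problems found; an empty list means the settings are consistent."""
    problems = []
    dom = urlsplit(s.get("okta_domain", ""))
    if dom.scheme != "https" or not dom.netloc or dom.path not in ("", "/"):
        problems.append("okta_domain must be the bare https origin of the Okta tenant")
    for key in ("client_id", "api_token"):
        if not s.get(key):
            problems.append(f"{key} is missing (the API token cannot be re-read after creation)")
    # Only origins with both CORS and Redirect checked satisfy the article's Trusted Origin step.
    trusted = {t["origin"] for t in s.get("trusted_origins", [])
               if t.get("cors") and t.get("redirect")}
    for uri in s.get("login_redirect_uris", []):
        if urlsplit(uri).scheme != "https":
            problems.append(f"login redirect URI is not https: {uri}")
        if origin_of(uri) not in trusted:
            problems.append(f"no Trusted Origin with CORS and Redirect for {origin_of(uri)}")
    return problems


if __name__ == "__main__":
    print(check_sso_settings(SAMPLE_SETTINGS) or "settings are consistent")
```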
STEP 2 ENTER INFORMATION INTO AUDITFINDINGS.COM SSO
Enter the Okta Domain, Client ID and API Token on the Administration > Single Sign on page. Once entered, the Login Link is shown as available.
STEP 3 SAVE AND SYNC
Clicking the Save and Sync button imports users from Okta into User Management within AuditFindings. Any users assigned to the AuditFindings application in Okta are imported as Active users at the Assignee level. An Administrator must log into AuditFindings and change a user's access level if that user should have access other than at the Assignee level.
STEP 4 ADD ADDITIONAL USERS TO OKTA AUDITFINDINGS APP
Add any additional users to the AuditFindings app within Okta. These users will be imported into AuditFindings as Assignee-level users on the next sync.
STEP 5 SAVE AND SYNC
Within AuditFindings, the Save and Sync button must be clicked manually to import the new users from Okta.
Key points about using Okta single sign on:
- Once configured, users are imported automatically from the single sign on system into AuditFindings. These users are disabled by default; an administrator must enable them in AuditFindings before they can access the application.
- A user can also have direct (non-SSO) access to AuditFindings if an administrator sets a password for them within AuditFindings.com, or if the user resets or creates their own password.
- All single sign on users are imported at the Assignee level. If an organization requires another level of access for a user, an administrator must change that user's level within AuditFindings.
- If the single sign on configuration is removed, the users remain within AuditFindings, but they can no longer access the system via the single sign on system.