Configuring single sign-on to ADAudit Plus using Okta

Step 1: Configure ADAudit Plus in Okta

1. Log in to the Okta portal.
2. Under the Apps tab, click Add Application → Create New App.
3. Select Web as the Platform and SAML 2.0 as the Sign on method, and click Create.
4. In General Settings, enter the SAML application name (for example, ADAudit Plus) in the App name field. Upload a logo for the application if needed, and click Next.
5. In the Configure SAML section, enter the values for: Single sign on URL and Audience URL.
   Note: To find the values for the Single sign-on URL ,Audience URI and Logout URL, log in to the ADAudit Plus console, navigate to Admin > Administration > Logon Settings > Single Sign-On. Check the box next to Enable Single Sign-On, and select SAML Authentication > Identity Provider (IdP) > Okta.
6. Copy the ACS/Recipient URL value, and paste it in the Single sign-on URL field. Copy the Issuer URL/Entity ID value, and paste it in the Audience URI field.
7. Copy the SP Logout URL value, and paste it in the Logout URL field. Also,Download X509 Certificate from Logon Settings Page. Click Show Advanced Settings under Configure SAML in Okta.
8. Click Browse next to Signature Certificate, and select the X.509 Certificate you downloaded.
9. Click Upload Certificate.
10. Click Finish.
11. Once the configuration is complete, navigate to the Sign on tab to download the identity provider metadata file.

Step 2: Configure Okta in ADAudit Plus

1. Log in to the ADAudit Plus web console with admin credentials. Navigate to Admin → Administration → Logon Settings → Single Sign-On. Check the box next to Enable Single Sign-On, and select SAML Authentication.
2. Select Okta from the Identity Provider (IdP) drop-down. Under SAML Configuration Mode, select Upload Metadata File. Click Browse and upload the metadata file obtained at the end of the Step 1.

   

   Note: You can also configure SAML in Manual Configuration mode.

   1. Copy and paste the Issuer URL/Entity ID.
   2. Paste the IdP Login URL.
   3. Paste the IdP Logout URL.
   4. Paste the X.509 Certificate value from your identity provider.

   

3. If needed, enable Single Logout under Advanced settings.
4. Advanced Settings configuration:
   Note: Ensure that the configuration settings selected here match those configured in your Okta identity provider.

   

   Authentication Request Configuration

   Setting	Description	Available values
   SAML Request	Defines whether the authentication request sent to Okta is digitally signed	Signed Unsigned
   Authentication Context Class	Specifies the method Okta should use to authenticate users	None Windows Authentication Kerberos PasswordProtectedTransport Password TLS Client Unspecified X.509 Certificate

   SAML Response Configuration

   Setting	Description	Available values
   SAML Response	Specifies whether the overall SAML response from Okta is signed	Signed Unsigned
   SAML Assertion	Specifies whether the SAML assertion inside the response is signed	Signed Unsigned
   Signature Algorithm	Defines the algorithm used for generating digital signatures in SAML responses	SHA1 SHA256 SHA384 SHA512

   Encryption Configuration

   Setting	Description	Available values
   Assertion Encryption	Determines whether the SAML assertions returned from Okta are encrypted	Encrypted Unencrypted
   Encryption Certificate	Certificate used for encrypting the assertion	Self-Signed CA Signed

5. If you want to mandate domain technicians to log into ADAudit Plus only through SAML authentication, check the Force SAML Login box in the bottom-right corner.
   Note: Once enabled, accessing ADAudit Plus' login page will redirect domain technicians to the single sign-on URL. However, administrators and technicians with ADAudit Plus authentication credentials can access the ADAudit Plus login page by using the /adminLogin tag after the login page URL.
6. Click Save.