Okta SAML Authentication with WatchGuard Access Portal. Integration Guide


Deployment Overview

You can configure Single Sign-On to use SAML authentication and enable your users to log in through one portal and get access to multiple services. This document describes how to set up SAML authentication through the WatchGuard Access Portal with Okta as the Identity Provider.

Integration Summary

Hardware and Service versions:

- Okta Identity Cloud Release 2017.49
- WatchGuard FireboxV:
  - Fireware OS v12.1
  - Feature key with an Access Portal license

Test Topology

This integration uses Okta Identity Cloud services to communicate with a WatchGuard Firebox over a public internet connection.

Configure Your Firebox for Okta

The WatchGuard Access Portal is a subscription service and needs an active license applied in your Firebox feature key before you can configure it on your Firebox. These steps describe how to set up Okta.

From Fireware Web UI:

1. Select Subscription Services > Access Portal.
2. Select the Enable Access Portal check box.
3. Click Save.
4. Select the User Connection Settings tab. Click Configure. The SAML tab appears.
5. To enable SAML, select the Enable SAML check box.
6. In the Service Provider (SP) Settings section, type the IdP Name and Host Name. You add the IdP settings later in this process.
   - IdP Name: Specify a name for the SAML authentication to appear in other Firebox settings as the server name.
   - Host Name: Specify the fully qualified domain name that resolves to the Firebox external interface.
7. Click Save.
8. Go to https://<host name>/auth/saml.
9. Make sure you have this information from the /auth/saml page:
   - SAML Entity ID in this format: https://<host name>/auth/saml.
   - Assertion Consumer Service (ACS) URL in this format: https://<host name>/auth/saml/acs.
   - Single Logout Service (SLS) URL in this format: https://<host name>/auth/saml/sls.
   - Download the certificate

Configure Okta

1. Sign into your Okta account.
2. From the top navigation bar, select Applications. The Applications page appears.
3. Click Add Application.
4. Click Create New App. The Create a New Application Integration dialog box appears. Because this application is unique to the Firebox, we must create a new application in Okta.
5. From the Platform drop-down list, select Web.
6. For the Sign on method, select SAML 2.0.
7. Click Create. The General Settings dialog box appears.
8. In the App name text box, type a descriptive name for the application.
9. (Optional) Upload an App logo.
10. In the App visibility section, select options to specify whether the application icon is visible to users or in the mobile app.
11. Click Next.

SAML Settings

1. On the SAML Settings page, in the General section, configure these settings:
   - Single sign on URL: Type the URL in this format: https://<host name>/auth/saml/acs. The WatchGuard label is the Assertion Consumer Service (ACS) URL.
   - Audience URI (SP Entity ID): Type the URI in this format: https://<host name>/auth/saml. The WatchGuard label is the SAML Entity ID.
   - Leave the Default RelayState blank.
   - Name ID format: Select x509subjectname.
   - Application username: Select Email.
2. Click Show Advanced Settings and specify these settings:
   - Response: Select Signed.
   - Assertion Signature: Select Signed.
   - Signature Algorithm: Select SHA256.
   - Assertion Encryption: Select Encrypted.
   - Encryption Algorithm: Select AES256-CBC.
   - Encryption Certificate: Click Browse and select the certificate you downloaded from the firewall SAML 2.0 Configuration for WatchGuard Access Portal in the previous section.
   - Enable Single Logout: Select the Allow application to initiate Single Logout check box.
   - Authentication context class: Select PasswordProtectedTransport.
   - Honor Force Authentication: Select Yes.
   - SAML issuer ID: Keep the default setting.
2. At the right side of the SAML Settings dialog box, click Download Okta Certificate.
3. Save the certificate. Click Next.
4. In the Are you a customer or partner? section, select an option:
   - I'm an Okta customer adding an internal app: Most deployments are in this category.
   - I'm a software vendor. I'd like to integrate my app with Okta: Select this option if your company is deploying a service for general public use.
5. Click Finish.

Next, configure the Sign On settings for the app you added in the previous section.

1. Select the Sign On tab. SAML 2.0 is not configured.
2. Below the View Setup Instructions button, copy the Identity Provider metadata link. The link is in this format: https://<okta account name>.okta.com/app/<random value>/sso/saml/metadata.

Complete the WatchGuard SAML Setup

From Fireware Web UI:

1. Select Subscription Services > Access Portal.
2. Select the User Connection Settings tab.
3. Click Configure.
4. Select the SAML tab.
5. In the Identity Provider (IdP) Settings section, in the IdP Metadata URL text box, type the IdP Metadata URL from the Okta setup.
6. Click Save.
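Before you type the IdP Metadata URL into the Firebox, you can confirm that the metadata it serves lists the same certificate you saved with Download Okta Certificate and that its sign-on endpoints use HTTPS. The following Python check is an added example, not part of the WatchGuard guide or either product; the function names are hypothetical and the metadata and certificate values are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the decoded certificate body; PEM armor lines are ignored."""
    lines = (line.strip() for line in cert_text.splitlines())
    body = "".join(line for line in lines if not line.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def audit_metadata(metadata_xml, downloaded_pem):
    """Return a list of problems found in the IdP metadata (empty list = none)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["No IDPSSODescriptor in metadata"]
    findings = []
    certs = [c.text for c in idp.findall(".//ds:X509Certificate", NS) if c.text]
    if fingerprint(downloaded_pem) not in {fingerprint(c) for c in certs}:
        findings.append("Downloaded certificate is not listed in the metadata")
    for sso in idp.findall("md:SingleSignOnService", NS):
        location = sso.get("Location", "")
        if not location.startswith("https://"):
            findings.append("SSO endpoint is not HTTPS: " + location)
    return findings

# Constructed sample: the certificate body is a placeholder, not a real certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/EXAMPLE">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://example.okta.com/app/EXAMPLE/sso/saml"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(audit_metadata(SAMPLE_METADATA, SAMPLE_PEM))
```
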

Test the Integration

If you do not already have a user account or a group set up, you can follow these steps to test the authentication.

Okta User and Group

1. Login as the Okta Administrator.
2. From the top navigation bar, select Directory > Groups.
3. Click Add Group.
4. Specify a name and a description for this group. Click Save.
5. From the top navigation bar, select Directory > People.
6. Click Add Person. The Add Person dialog box appears.
7. Type the First name, Last name, Username (this is an email ID), and Primary email. Secondary email and Groups are optional.
8. Click Save.

Add the Group to the Firebox

From Fireware Web UI:

1. Select Authentication > Users and Groups. Click Add. The Add User or Group dialog box appears.
2. Type the Name and Description for this group.
3. From the Authentication Server drop-down list, select the SAML authentication server.
4. Click OK. The Users and Groups page appears.
5. Click Save.
6. Select Subscription Services > Access Portal. The Access Portal page appears with the Applications tab selected.
7. Click Add and select Host Desktop Access (RDP). The RDP Host page appears.
8. On the Access Portal page, select the User Connection Settings tab.
9. Select Specify the applications available to each user and group. Click Add. The Add User or Group page appears.
10. From the Authentication Server drop-down list, select the name of the SAML configuration.
11. From the Type drop-down list, select Group.
12. In the Name text box, type the name you specified for the group in the previous section.
13. Click OK.
14. Click Save.

After you have completed these configuration steps, your users can sign in either to Okta Identity Cloud, or to a resource that is configured with Okta SAML Single Sign-On.

1. Type the URL for the portal in this format: https://<host name>. The Log In page appears with the name of the SAML portal you configured at the top of the page.
2. To log in, click the name of the SAML portal. In this example, click MY_OKTA_NAME. The user can now get access to the resource.
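When you test the sign-in, a SAMLResponse captured from the browser and base64-decoded can be compared against the SAML Settings chosen earlier: Response signed with SHA256, assertion encrypted with AES256-CBC, and delivery to the ACS URL. The following Python check is an added example, not part of the WatchGuard guide; it inspects structure only and does not verify the signature, the function names are hypothetical, and the host name and XML skeleton are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"

def audit_response(xml_text, host_name):
    """Return deviations from this guide's SAML settings (empty list = none)."""
    root = ET.fromstring(xml_text)
    findings = []
    acs = f"https://{host_name}/auth/saml/acs"
    if root.get("Destination") != acs:
        findings.append(f"Destination is not the ACS URL {acs}")
    # Response: Signed, Signature Algorithm: SHA256
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        findings.append("Response is not signed")
    elif method.get("Algorithm") != RSA_SHA256:
        findings.append("Response signature is not RSA-SHA256")
    # Assertion Encryption: Encrypted, Encryption Algorithm: AES256-CBC
    if root.find("saml:Assertion", NS) is not None:
        findings.append("Assertion sent in cleartext")
    enc = root.find(
        "saml:EncryptedAssertion/xenc:EncryptedData/xenc:EncryptionMethod", NS)
    if enc is None:
        findings.append("No EncryptedAssertion")
    elif enc.get("Algorithm") != AES256_CBC:
        findings.append("Assertion encryption is not AES256-CBC")
    return findings

def sample(dest, sig_alg, assertion):
    # Constructed skeleton of a SAML Response; signature and cipher values omitted.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}" Destination="{dest}">
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>
 </ds:SignedInfo></ds:Signature>{assertion}</samlp:Response>"""

ENCRYPTED = ('<saml:EncryptedAssertion><xenc:EncryptedData>'
             f'<xenc:EncryptionMethod Algorithm="{AES256_CBC}"/>'
             '</xenc:EncryptedData></saml:EncryptedAssertion>')

if __name__ == "__main__":
    acs_url = "https://portal.example.com/auth/saml/acs"  # constructed host name
    print(audit_response(sample(acs_url, RSA_SHA256, ENCRYPTED), "portal.example.com"))
```
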

About This Guide

Guide Type

Documented Integration: WatchGuard or a Technology Partner has provided documentation demonstrating integration.

Guide Details

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Guide revised: 1/12/2018

Copyright, Trademark, and Patent Information

Copyright 1998-2018 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners. Complete copyright, trademark, patent, and licensing information can be found in the Copyright and Licensing Guide, available online at http://www.watchguard.com/wgrd-help/documentation/overview.

About WatchGuard

WatchGuard Technologies, Inc. is a global leader in network security, providing best-in-class Unified Threat Management, Next Generation Firewall, secure Wi-Fi, and network intelligence products and services to more than 75,000 customers worldwide. The company's mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter, @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.

Address: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104

Support: www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.521.3575

Sales:
U.S. and Canada +1.800.734.9905
All Other Countries +1.206.613.0895