Integrating Bitsight with Okta

• About SAML with Okta
• Getting Started
  • Catalog App
  • Custom Application
• Basic SAML Configuration
• User and Attribute Claims
• Downloading and Uploading Metadata
• Single Sign-On Setup Using SAML
• User Creation with SAML Enabled
• Disabling SAML
• Optional Attributes (Not Required)

About SAML with Okta

This document is the overview and steps to integrate the Bitsight platform with Okta. At this time, a Bitsight catalog application for Okta is available and is searchable by simply adding a new application and searching for “Bitsight.” The steps below will outline how to integrate the Bitsight platform with Okta, using an additional custom connector, should the need for additional attributes arise. The purpose of this documentation is to integrate Okta and the Bitsight platform if the need for roles and groups are required.

Getting Started

Catalog App

To get started, navigate to your Admin instance on the Okta dashboard.

When in the dashboard take the following steps:

1. Applications
2. Search Application
3. Bitsight - Add
4. Audience Restriction = https://service.bitsighttech.com/saml/metadata/
5. Save

Custom Application

To get started, navigate to your Admin instance on the Okta dashboard.

When in the dashboard take the following steps:

1. Applications
2. Create New Application
3. Platform = Web - New Application = SAML 2.0

Basic SAML Configuration

1. Single Sign on URL = https://service.bitsighttech.com/saml/acs/GUID
2. Audience URI (SP Entity ID) = https://service.bitsight.com/saml/GUID
3. Name ID format = emailAddress
4. Application username = email

User and Attribute Claims

When entering the user an attribute claims you must select URI. Attribute Statements (optional) the first name space will be urn:oid:0.9.2342.19200300.100.1.3 - URI refrence - Value = user.email.

1. Enter the claim name for given name and replace with urn.oid.2.5.4.3 mapped to user.firstName
2. Enter the claim name for last name and replace with urn.oid.2.5.4.4 mapped to user.lastName

Although not required for this integration, you can specify additional attributes as outlined in Optional Attributes (Not Required).

Downloading and Uploading Metadata

Once you have configured and saved the steps above you can now download the metadata XML from Okta and upload this to the Bitsight SAML self-service portal.

1. Select Download Metadata XML from your Okta portal, under the “SAML Sign on Settings” category.
   
2. On the Bitsight platform, navigate to the SAML page [Settings ➔ SAML].
3. Find Section labeled “SAML Metadata for your IdP.” Select Load from URL.
   
4. Open the file Downloaded from Step 1.

Optional Attributes (Not Required)

These are additional attributes that can be specified. They are not required for this integration using Okta. These items are optional only.

Full Name. This can be specified in place of the last name field if the user's name is not of the form, “Firstname Lastname.”

User Role. This specifies the user's role in the Bitsight platform. This field is optional (in which case the user's role will be a standard user role, or left unchanged). Otherwise it must be one of these strings:

• Customer User
• Customer Admin
• Customer Group Admin
• Customer Portfolio Manager

User Group. This specifies the user's group. If the group does not already exist, it will be created (and will be empty initially). If this is not specified, then the customer's default group is used.