This article will walk through configuring a ZeroLock Environment for Single Sign On (SSO) using Okta, a cloud-based identity and access management service.
Application Creation and Configuration
To create and configure an application for the ZeroLock Management Console (ZMC) in Okta, use the following steps.
- Log in to the Okta admin center using your company’s credentials and go to Applications | Applications | Create App Integration.
- On the ‘Create a new app integration’ screen, select SAML 2.0 and click Next.
- Name the application (in this example, ZeroLock Management Console), then click the Next button.
- Add the Audience URI and the Single sign-on URL. These can be found in the Service Provider Config section on the System Settings page of the ZeroLock Management Console.
  - Audience URI = Entity ID
  - Single sign-on URL = Reply URL
- Select 'I’m an Okta customer adding an internal app' and click on FINISH.
- Go to Applications | Applications and select the ZeroLock Management Console application.
- Click Sign On.
- In the SAML 2.0 section select More details.
- From the More details section, copy the settings below into the Identity Provider Config section in ZMC.
  - Sign on URL = Login URL
  - Sign out URL = Logout URL
  - Issuer = IDP Identifier
- Download the signing certificate and upload it to ZMC.
Adding Users
In Okta, select the users for SSO access to the ZeroLock Management Console application. Users may be assigned to the ZMC individually or in groups. This is done under the Applications | Applications | Assignments screen.
Configuring the ZeroLock Management Console
If you are using a locally hosted environment and NOT the Vali Cyber-hosted SaaS environment, the domain name for your Okta users must be entered in the Tenants section. The following steps take you through that process.
For the Vali Cyber-hosted SaaS environment, contact Vali Cyber to have the Support Team enter the domain name.
- In ZeroLock Management Console (ZMC) go to Manage Users | Tenants and select the tenant that is to have SSO enabled.
- Double-clicking anywhere on the Tenant line will open the Edit Tenant screen. Once there, fill in the domain name with the domain for your Okta users. (Example: if the email address is user@mydomain.com, then the domain name would be mydomain.com.) Click the Edit Tenant button to save changes.
- When creating a new user or modifying an existing user who is to use SSO, switch the SSO Account dropdown to YES. Lastly, select Update.
- When logging into the ZeroLock Management Console with this user, you should see the Okta login screen. When you log in with an SSO user, if an account has not already been created, the ZMC will create an account for you.
Congratulations, you have successfully configured SSO for the ZeroLock Management Console.