Okta
Use these steps to configure Single Sign-On (SSO) authentication with Okta.
Step 1: Select IdP and Title
- In the Infinity Portal, go to Global Settings > Identity & Access and click the plus icon.
- Select Okta.
- Click Next.
Step 2: Verify your Domain
- The DNS record is generated. Click to copy the generated DNS record value.
- Add this generated DNS record to your DNS server as a TXT record.
- Below Domain(s), enter your organization's domain and click the plus icon.
  Check Point makes a DNS query to verify your domain configuration.
- Click Next.
Note - Wait until the DNS record is propagated and can be resolved.
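The note above says to wait until the TXT record resolves before continuing. The following script, added here as an example and not Check Point or Okta code, shells out to dig (assumed to be installed), parses its +short output and reports whether the expected value is visible, optionally through a public resolver so that a stale local cache does not mislead you. The domain and record value are constructed placeholders; substitute the value copied from the Infinity Portal.

```python
"""Check that the domain-verification TXT record from Step 2 resolves.

Added example (not Check Point or Okta code). It runs `dig` (assumed to be
installed) and parses its +short output; the domain and record value are
constructed placeholders, so replace them with the value copied from the
Infinity Portal.
"""
import shlex
import subprocess
from typing import List, Optional

# Constructed placeholders, not real values.
EXAMPLE_DOMAIN = "example.com"
EXAMPLE_EXPECTED = "PLACEHOLDER_DNS_RECORD_VALUE"


def parse_txt_records(dig_short_output: str) -> List[str]:
    """Turn `dig +short TXT` output into plain record strings.

    dig prints each TXT record on one line as one or more quoted chunks,
    e.g. "abc" "def" for a record longer than 255 bytes. The chunks are
    unquoted and concatenated; blank lines are skipped.
    """
    records = []
    for line in dig_short_output.splitlines():
        line = line.strip()
        if not line:
            continue
        # shlex removes the quoting and handles escaped quotes inside chunks.
        records.append("".join(shlex.split(line)))
    return records


def txt_record_present(expected: str, records: List[str]) -> bool:
    """True when the expected verification value is one of the records."""
    return expected in records


def resolve_txt(domain: str, resolver: Optional[str] = None) -> List[str]:
    """Query the TXT records of `domain` with dig.

    Pass a public resolver such as "8.8.8.8" to see whether the record has
    propagated beyond the local resolver's cache.
    """
    cmd = ["dig", "+short", "TXT", domain]
    if resolver:
        cmd.append("@" + resolver)
    out = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return parse_txt_records(out.stdout)


if __name__ == "__main__":
    seen = resolve_txt(EXAMPLE_DOMAIN, resolver="8.8.8.8")
    if txt_record_present(EXAMPLE_EXPECTED, seen):
        print("TXT record resolves; continue with Step 2.")
    else:
        print("TXT record not visible yet. Records seen:", seen)
```

Run it from a host that can reach the resolver; if the record is missing, re-check the TXT entry in your DNS zone and allow for the zone's TTL before retrying.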
Step 3: Create an Application in the Okta Portal
- Log in to your Okta Portal.
- Navigate to Applications and click Create App Integration.
- Select SAML 2.0 for Sign on method. Click Next.
  You are now in Create SAML Integration.
- In General Settings, set the application name to Check Point Infinity Portal and click Next.
Step 4: Allow Connectivity
- In the Allow Connectivity page, copy the Entity ID and the Reply URL.
- In the Okta Portal, edit the SAML settings:
  - Single sign on URL - Use the Reply URL.
  - Audience URI (SP Entity ID) - Use the Entity ID.
  - Name ID format - Set to EmailAddress.
  - Application username - Set to the Okta username.
Step 5: Set user and group attributes
- In the same SAML settings page, set attribute statements:

  Name       Name format   Value
  firstName  unspecified   user.firstName
  lastName   unspecified   user.lastName
  userId     unspecified   user.id

- Set group attribute statement:

  Name         groups
  Name format  Basic
  Filter       Matches regex, value: .*

- Click Next.
- Click Finish.
Important - Copy the name of the assigned group for use with the Check Point Infinity Portal User Group IdP ID field.
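To confirm that the attribute statements from Step 5 actually reach Check Point, you can inspect an assertion from a test login. The script below is an added example, not Check Point or Okta code: it parses a SAML assertion, checks that firstName, lastName, userId and groups are present with the configured name formats, and checks that the assigned group name (the value you copy for the User Group IdP ID field) appears in the groups attribute. The assertion embedded in it is constructed, unsigned and uses placeholder values; a real one can be captured from the browser's developer tools during a test login. The script only inspects attributes and does not validate the signature.

```python
"""Check that a SAML assertion from Okta carries the attribute statements
configured in Step 5 (firstName, lastName, userId and groups).

Added example (not Check Point or Okta code). The assertion below is
constructed, unsigned and uses placeholder values; this script inspects
attributes only and does not validate the signature.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Attribute name -> NameFormat, as configured in Step 5.
EXPECTED_ATTRIBUTES = {
    "firstName": UNSPECIFIED,
    "lastName": UNSPECIFIED,
    "userId": UNSPECIFIED,
    "groups": BASIC,
}

# Constructed sample assertion (no signature, placeholder values).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_placeholder" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://www.okta.com/PLACEHOLDER_ENTITY_ID</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="userId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>00uPLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
      <saml:AttributeValue>Infinity Portal Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_attributes(assertion_xml: str) -> Dict[str, Dict[str, object]]:
    """Map each Attribute Name to its NameFormat and list of values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = {
            "format": attr.get("NameFormat"),
            "values": [v.text or "" for v in attr.findall("saml:AttributeValue", NS)],
        }
    return attrs


def attribute_problems(attrs: Dict[str, Dict[str, object]]) -> List[str]:
    """Compare the assertion with the Step 5 configuration; empty means OK."""
    problems = []
    for name, fmt in EXPECTED_ATTRIBUTES.items():
        if name not in attrs:
            problems.append("missing attribute " + name)
        elif attrs[name]["format"] != fmt:
            problems.append("%s: NameFormat %s, expected %s" % (name, attrs[name]["format"], fmt))
        elif not attrs[name]["values"]:
            problems.append(name + ": no value")
    return problems


def user_in_group(attrs: Dict[str, Dict[str, object]], group_name: str) -> bool:
    """True when the group assigned in Okta is listed in the groups attribute."""
    return group_name in attrs.get("groups", {}).get("values", [])


def nameid_is_email(assertion_xml: str) -> bool:
    """True when the Subject NameID uses the emailAddress format set in Step 4."""
    nid = ET.fromstring(assertion_xml).find(".//saml:Subject/saml:NameID", NS)
    return nid is not None and nid.get("Format") == EMAIL_NAMEID


if __name__ == "__main__":
    found = extract_attributes(SAMPLE_ASSERTION)
    print("problems:", attribute_problems(found) or "none")
    print("groups:", found["groups"]["values"])
```

Because the group filter in Step 5 is the regex .*, the groups attribute lists every Okta group the user belongs to; the name you copied for the User Group IdP ID field must be one of them, or the user will not be mapped to the intended Infinity Portal user group.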
Step 6: Configure Metadata
- Create a Metadata file:
  - Go to the Sign On tab.
  - Right-click Identity Provider metadata.
  - Save the link as a new file named InfinityPortalOktaMetaData.XML.
- After you create the metadata XML file in the Okta Portal, go to the Allow Connectivity page in the Check Point Infinity Portal and click Next.
- In the Configure Metadata page, upload the Federation Metadata XML that you downloaded from your Okta Portal.
  Note - Check Point uses the service URL and the name of your Certificate to identify your users behind the sites.
- Click Next.
  Check Point verifies the metadata of your Identity Provider (IdP).
Step 7: Review
Review that the details of the SSO configuration are correct and click Submit.
Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID (which one applies depends on the identity provider). For more information, see User Groups.