Cisco Umbrella SAML Integration for Okta – Overview
This article covers configuring Cisco Umbrella to integrate with Okta for single sign-on with SAML. To enable SAML for Umbrella, you must first add the Okta app for Umbrella to your organization, then follow a step-by-step wizard to complete the process in Umbrella. For more information on how SAML integration works with Umbrella, read our overview here.
- In Umbrella, navigate to Settings > Authentication.
- Click SAML in the table to expand it.
- Select Okta from the list of providers and click Next.
- From the Instructions tab, follow the instructions as listed. You'll be asked to provide the provider metadata.
- To configure Okta for Umbrella and gather the metadata, log in to your Okta dashboard as the user you want to configure for Umbrella and go to the Admin tab. It's best to start by logging in to the Okta dashboard with the same account you are using in the Umbrella dashboard.
- In the Okta dashboard, click Applications then click Add Application.
- Search for “Cisco Umbrella” and click Add to add the application named "Cisco Umbrella".
- Assign an easily identifiable label for the Application, keep the defaults in the General Settings, then click Next.
- Under Sign-On Methods, ensure “SAML 2.0” is selected. If you would like to disable force authentication, you can do this here.
- Click the hyperlink for "Identity Provider metadata" and save the metadata file that is downloaded. You will need this in step 3 of the Umbrella setup wizard.
- Return to the Sign-On Options and from the Application Username Format drop-down list, choose Email.
- Click Next, then assign the application to one or more users. All accounts that need to access the dashboard now or in the future should be selected here and have the application assigned to them, or they will not be able to log in.
- In the final Okta step, ensure the proper user attributes have been enabled for each account, specifically the username (email). The email must match exactly the email that's used to log in to the Umbrella dashboard.
- Once you've completed the application setup, return to Umbrella and navigate to Settings > Authentication and proceed to step 3 of the wizard – Upload Metadata.
- Click Choose File, select the metadata file you downloaded from Okta, and click Next.
- Click Test Your SAML Configuration. Enter the Umbrella email for your currently logged-in user that was added to the Okta application. After the test completes, a success message should be shown.