How to integrate Security Center with Okta using OpenID Connect - Security Center 5.12

Security Center Administrator Guide 5.12

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.12
Language: English
Last updated: 2024-09-13

Before Security Center can use Okta to authenticate users with OpenID Connect, setup is required in Config Tool and the Okta Admin Console.

This example shows how to set up third-party authentication with Okta using the OpenID Connect (OIDC) UserInfo endpoint. The procedure is divided into three sections:

  1. Preparing Security Center
  2. Preparing Okta
  3. Integrating Security Center with Okta

Security Center offers assisted identity provider configuration to ease third-party authentication with Okta. It provides the relevant information needed for the configuration.

NOTE: When you create an Authentication Service role with Provider: Other, Security Center does not offer much assistance in the identity provider configuration.

Figure: Creating a role: Authentication Service window in Config Tool shows assisted identity provider configuration.

At each step, the configuration wizard helps you with the following tasks:
  • Locating the properties in the Okta Admin Console
  • Understanding the significance of each property
  • Validating the properties before you can proceed
  • Accessing corresponding help topics

To implement third-party authentication, you must have administrator rights in Security Center and Okta.

IMPORTANT: This sample integration might differ from your requirements and the Okta Admin Console is subject to change. When setting up Okta, ensure that all steps are adapted to your specific situation.

1 - Preparing Security Center

  1. Open Config Tool and connect to the Security Center main server as an administrator.
  2. From the Config Tool homepage, open the System task and click the Roles view.
  3. Click Add an entity > Authentication Service.
    Figure: Add an entity menu in Config Tool, with the Authentication Service role highlighted.

    The Creating a role: Authentication Service window opens.

  4. In the Specific info section, select the identity provider and the authentication protocol and click Next.
    Provider: Okta
    Protocol: OpenID Connect
    Figure: Creating a role: Authentication Service window in Config Tool, with the Okta identity provider and the OpenID protocol selected.
  5. In the Basic information section, enter a name and optional description for the new Authentication Service role.
    Figure: Creating a role: Authentication Service window in Config Tool shows the Basic information fields for Okta.
  6. If there are partitions in your system, select the partition of which this role is a member and click Create.

    Partitions determine which Security Center users have access to this entity. Only users who have been granted access to the partition can see this role.

  7. From the App registration page, copy the redirect and logout URIs.

    For more information, see About role endpoints configuration.

  8. Click Suspend > Save.
    NOTE: The Suspend button allows you to save and exit the configuration wizard temporarily. You can suspend the configuration at any time during the process.

2 - Preparing Okta

Before completing these steps in the Okta Admin Console, you must have the following prerequisites:
  • An Okta administrator account
  • At least one user provisioned
  • At least one user group that contains the users you want to grant access to Security Center

  1. In the Okta Admin Console, select Applications > Applications and then click Create App Integration.
    Figure: Okta Admin Console shows the Create App Integration button on the Applications page.
  2. In the Create a new app integration wizard, select OIDC - OpenID Connect, Web Application and click Next.
    Figure: Create a new app integration wizard in the Okta Admin Console, with OIDC and Web Application selected.
  3. On the New Web App Integration page, configure the following settings and click Save:
    • App integration name: Enter the name of the App integration.
      Figure: New Web App Integration page in the Okta Admin Console, with callouts to App integration name and Grant type.
    • Sign-in redirect URIs: Enter the redirect URIs that you copied from Security Center.
      Figure: New Web App Integration page in the Okta Admin Console, with a callout to Sign-in redirect URIs.
    • Sign-out redirect URIs: Enter the logout URIs that you copied from Security Center.
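
The URIs copied from Security Center must be entered in Okta character for character, because OpenID Connect compares the redirect URI in a sign-in request with the registered values by exact string match. The following added example (not Genetec or Okta code) checks one copied list against what was typed into the matching Okta field; the URIs are constructed placeholders, and the https and no-wildcard rules are assumptions of this example.

```python
from urllib.parse import urlsplit

def uri_problems(uri):
    """Return the reasons one URI should not be registered as typed."""
    problems = []
    if uri != uri.strip():
        problems.append("surrounding whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":  # assumption: these endpoints are served over TLS
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("no host")
    if "#" in uri:
        problems.append("contains a fragment")
    if "*" in uri:  # assumption: wildcards are treated as a finding here
        problems.append("contains a wildcard")
    return problems

def _loose(uri):
    # Used only to explain a mismatch, never to accept one.
    return uri.strip().rstrip("/").lower()

def compare_uris(copied, registered):
    """Exact-string comparison of Security Center's URIs with Okta's entries."""
    copied_set, registered_set = set(copied), set(registered)
    missing = sorted(copied_set - registered_set)
    extra = sorted(registered_set - copied_set)
    near = [(m, e) for m in missing for e in extra if _loose(m) == _loose(e)]
    malformed = {u: p for u in sorted(copied_set | registered_set) if (p := uri_problems(u))}
    return {
        "ok": not (missing or extra or malformed),
        "missing_in_okta": missing,
        "extra_in_okta": extra,
        "near_misses": near,
        "malformed": malformed,
    }

# Constructed sample values; the real URIs come from the App registration page.
COPIED = ["https://sc.example.com/placeholder/redirect"]
TYPED_IN_OKTA = ["https://sc.example.com/placeholder/redirect/"]  # stray trailing slash

if __name__ == "__main__":
    for key, value in compare_uris(COPIED, TYPED_IN_OKTA).items():
        print(f"{key}: {value}")
```

Run it once for the sign-in redirect URIs and once for the sign-out redirect URIs; a non-empty `near_misses` entry points to a trailing slash or letter-case difference introduced while typing.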