Okta IdP SSO Integration Guide

Created by Jason Carreiro, Modified on Wed, 15 Feb, 2023 at 4:06 PM by Marc Chouinard

Scenario:

Proofpoint Essentials supports integration with Identity Providers for authentication adhering to Security Assertion Markup Language (SAML) standards. Multiple identity providers for an organization are fully supported.

Proofpoint Essentials supports single sign-on (SSO) via Security Assertion Markup Language. An external IdP can be set up as your identity provider for SSO to the Proofpoint Admin Console.

Okta SAML/SSO Configuration:

  1. Navigate to Administration > Account Management > Identity Providers.

  2. At the top right-hand corner, click Add Identity Provider.

  3. In the New Identity Provider dialog panel, add a meaningful name and description to the Identity Provider. The given name will display on the Identity Provider button on the main login screen.

  4. In the Icon section, select the appropriate icon according to your desired integration (Okta).

  5. Click Next.

Configuring SAML/SSO In Okta Portal

  1. Log into Okta as administrator.

  2. Select Application > Add a New SAML App > Create SAML Integration.

  3. Give your app a name and select Next.

  4. Copy and paste the values from Proofpoint Essentials Identity Provider setup into the following fields.

    | Okta | Proofpoint Essentials |
    | --- | --- |
    | Single sign on URL | Login URL |
    | Audience URI (SP Entity ID) | Entity ID |
    | Single Logout URL | Logout URL |

  5. Check/Tick Use this for Recipient URL and Destination URL

  6. Change Name ID format to EmailAddress

  7. Change Application username to Email

  8. Under Signature Certificate, add the certificate from the Essentials IdP setup (upload a file containing the cert). For this step, copy the X.509 Certificate value from the Proofpoint portal into a basic text editor and save it as ProofPoint.cer (Notepad is recommended for Windows users; do not use Word). You might get a 1 day expiry notice at this step; you can ignore the notification and continue.

  9. Click Finish.

  10. Click View SAML setup Instructions

16. Copy and paste the values into Proofpoint Essentials Identity Provider setup from the Okta SAML setup instructions.

| Microsoft Azure | Proofpoint Essentials |
| --- | --- |
| Identity Provider Issuer | Identity Provider Single Sign-On URL |
| Identity Provider Single Sign-On URL | Identity Provider Login URL |
| Identity Provider Single logout URL | Identity Provider Logout URL |
| X.509 Certificate | Identity Provider X.509 Certificate |


17. Click Enable Single Sign-On. When enabled, the Identity Provider "Sign in with" button will display on the main login screen.


18. Click Save and Close.


19. Finally, ensure users or groups are assigned to the application to enable SSO usage.