Cyber Risk Aware supports the OIDC federation protocol for SSO integration with Okta. The configuration steps for setting up this integration are listed below. It is broken into 2 steps:

  1. Register Application in your Okta administration portal.
  2. Update Authentication Settings in your Cyber Risk Aware portal.

Register Application in Okta Admin Portal

The first step is to register the Cyber Risk Aware application within your Okta portal. This will generate an application id and allow for your application to receive security tokens. 

When the Cyber Risk Aware application provides the generated application ID during the authentication flow, Okta will then provide a level of trust by providing the authenticated security token to Cyber Risk Aware to progress with login. 

The steps involved in registering the application are listed below:

  • Sign in to your Okta admin portal https:{company-name}
  • Within the main navigation, select Applications -> Applications

  • Click on the Add Application button.
  • Click Create New App

  • In the dialog that appears, select Web as the platform and OpenID Connect as the Sign On Method and click Create.

  • In the next screen, set the Application Name to any name of your choosing I.E. CRA. Add the following Login redirect URLs' and click Save
    • https://{your-company-name}
    • https://{your-company-name}

  • In details screen that appears, click Edit.
  • Check all checkboxes under the Allowed grant types.

  • Click Save
  • Upon returning to the details page, select the Sign-On tab.
  • Take note the Audience and Issuer fields. They will be used for configuration on the Cyber Risk Aware portal.

Configuration on Cyber Risk Aware

The last step is to add the minimal configuration needed to your Cyber Risk Aware portal.  

  • Login to your Cyber Risk Aware portal as an administrative user.
  • From the menu on the left, select Configuration and then Authentication Settings

  • From the Authentication Type drop-down, select OpenID.

  • For each of the fields, provide the values:
    • Post logout redirect URI : https://{your domain name}
    • Redirect URI: https://{your domain name}
    • Authority: Your Issuer URI from the Okta admin portal.
    • Client Id: This should be the Audience field you will have been provided with from the Okta application registration. See above.
    • Domain Hint:
    • Username Claim: This will default to preferred_username but can be updated to a claim of your choosing, for example the UPN claim would be:
  • Click Save

This concludes the setup. Please note that it may take one day for the changes to take effect,