scanner
  • About Scanner
  • When to use it
  • Architecture
  • Getting Started
  • Playground Guide
    • Overview
    • Part 1: Search and Analysis
    • Part 2: Detection Rules
    • Wrapping Up
  • Log Data Sources
    • Overview
    • List
      • AWS
        • AWS Aurora
        • AWS CloudTrail
        • AWS CloudWatch
        • AWS ECS
        • AWS EKS
        • AWS GuardDuty
        • AWS Lambda
        • AWS Route53 Resolver
        • AWS VPC Flow
        • AWS VPC Transit Gateway Flow
        • AWS WAF
      • Cloudflare
        • Audit Logs
        • Firewall Events
        • HTTP Requests
        • Other Datasets
      • Crowdstrike
      • Custom via Fluentd
      • Fastly
      • GitHub
      • Jamf
      • Lacework
      • Osquery
      • OSSEC
      • Sophos
      • Sublime Security
      • Suricata
      • Syslog
      • Teleport
      • Windows Defender
      • Windows Sysmon
      • Zeek
  • Indexing Your Logs in S3
    • Linking AWS Accounts
      • Manual setup
        • AWS CloudShell
      • Infra-as-code
        • AWS CloudFormation
        • Terraform
        • Pulumi
    • Creating S3 Import Rules
      • Configuration - Basic
      • Configuration - Optional Transformations
      • Previewing Imports
      • Regular Expressions in Import Rules
  • Using Scanner
    • Query Syntax
    • Aggregation Functions
      • avg()
      • count()
      • countdistinct()
      • eval()
      • groupbycount()
      • max()
      • min()
      • percentile()
      • rename()
      • stats()
      • sum()
      • table()
      • var()
      • where()
    • Detection Rules
      • Event Sinks
      • Out-of-the-Box Detection Rules
      • MITRE Tags
    • API
      • Ad hoc queries
      • Detection Rules
      • Event Sinks
      • Validating YAML files
    • Built-in Indexes
      • _audit
    • Role-Based Access Control (RBAC)
    • Beta features
      • Scanner for Splunk
        • Getting Started
        • Using Scanner Search Commands
        • Dashboards
        • Creating Custom Content in Splunk Security Essentials
      • Scanner for Grafana
        • Getting Started
      • Jupyter Notebooks
        • Getting Started with Jupyter Notebooks
        • Scanner Notebooks on Github
      • Detection Rules as Code
        • Getting Started
        • Writing Detection Rules
        • CLI
        • Managing Synced Detection Rules
      • Detection Alert Formatting
      • Scalar Functions and Operators
        • coalesce()
        • if()
        • arr.join()
        • math.abs()
        • math.round()
        • str.uriencode()
  • Single Sign On (SSO)
    • Overview
    • Okta
      • Okta Workforce
      • SAML
  • Self-Hosted Scanner
    • Overview
Powered by GitBook
On this page
  • Step 1: Contact your Scanner support team to get Single Sign-On URL and Audience URI
  • Step 2: Create Okta SAML Application Integration
  • Step 3: Assign a group to the application
  • Step 4: Send URLs and Signing Certificate to Scanner
  • Step 5: Scanner support engineer will complete the integration
  • Step 6: Log in to Scanner

Was this helpful?

  1. Single Sign On (SSO)
  2. Okta

SAML

PreviousOkta WorkforceNextOverview

Last updated 11 months ago

Was this helpful?

For teams using Okta as their enterprise identity provider, Okta recommends using the , but you can also use the SAML integration to configure SSO.

Here are the steps you need to take to configure Okta as a SAML-based identity provider.

Step 1: Contact your Scanner support team to get Single Sign-On URL and Audience URI

When you create your Okta SAML application integration, you will need two pieces of information first:

  • Single sign-on URL. It will be a URL with this format:

    • https://login.scanner.dev/login/callback?connection=<connection-name>&organization=<org-id>

  • Audience URI (SP Entity ID). It will be an identifier with this format:

    • urn:auth0:scanner-production:<connection-name>

Contact your Scanner support team (either in your enterprise's private Slack channel or email) to start the process and receive these values.

Step 2: Create Okta SAML Application Integration

  1. Within your Okta dashboard, navigate to Applications > Applications.

  2. Click Create App Integration.

  3. For the Sign-in method, select SAML 2.0. Click Next.

  4. Set the App integration name to "Scanner.dev" or another name if you like. The logo is optional, but you can download and use. Click Next.

  5. For Single sign-on URL, enter the value given earlier by your Scanner support team. It will be a URL with this format: https://login.scanner.dev/login/callback?connection=<connection-name>&organization=<org-id>

  6. For Audience URI (SP Entity ID), enter the value given earlier by your Scanner support team. It will be an identifier with this format: urn:auth0:scanner-production:<connection-name>

  7. Click Next.

  8. Under Did you find SAML docs for this app?, add the URL to the Scanner documentation, eg. https://docs.scanner.dev.

  9. Click Finish.

Step 3: Assign a group to the application

If you don't already have a Group in Okta containing users that will access Scanner, you can create a new group.

  1. Navigate to Directory > Groups.

  2. Click Add group.

  3. Set the name to "Scanner Users".

  4. In the group details, navigate to Applications, and click Assign applications.

  5. Search for "Scanner.dev", or whatever the name was that you gave to the application.

  6. Add users to the group.

Step 4: Send URLs and Signing Certificate to Scanner

You should now see the details of the new application integration.

  1. Under Sign On > Settings > Sign on methods > SAML 2.0, click More details.

  2. You should see the Sign on URL and Sign out URL. Copy-paste these somewhere.

  3. Click to download the Signing Certificate.

  4. Contact your Scanner support team (either in your enterprise's private Slack channel or email), who will help you in the process of sending the Sign on URL, Sign out URL, and Signing Certificate.

Step 5: Scanner support engineer will complete the integration

Your Scanner support engineer will create the new SSO integration and connect it to your Scanner instance.

The engineer will configure the integration such that all users with your enterprise's email domain will be directed to your Okta SSO login system. Coordinate with the engineer to decide what email domain(s) to use here.

Step 6: Log in to Scanner

  2. Enter your email address (should use your enterprise's email domain).

  3. Scanner will redirect to Okta, where you can log in.

  4. You'll be redirected to Scanner and can now use the application.

Note: At this point, you will have access to Scanner, but one of your team members with user invitation permissions must also add you to a team and give you an appropriate user role in Scanner before you can view data.

Visit the .

Okta Workforce integration
here is a link to a logo image
Scanner app to log in