Configure SAML with Okta
Set up
You can configure Google Threat Intelligence to use SAML with Okta. These are the recommended steps for this set-up:
1. Okta Admin Panel
In the Okta Admin Panel, go to the Applications tab:
2. Applications tab
In the Applications tab, click on “Create App Integration”
3. Select “SAML 2.0”
4. Provide an app name and a logo
5. Fill in the fields
Fill the following fields with the following information:
Single sign on URL:
https://virustotalcloud.firebaseapp.com/__/auth/handler
Audience URI: You can use any string you want as “Audience URI” as long as it's exactly the same in Google Threat Intelligence and in Okta. Alternatively, you can also introduce the Single sign on URL mentioned above
Name ID: “EmailAddress”
Application username: “Email”
* Leave all other fields with their default values:
6. Configuration is finished. View Setup Instructions
Once your configuration is finished, this is how your configuration should look. Click on the “View Setup Instructions” button:
7. Overview
You should see something like this:
8. Copy data in Google Threat Intelligence
Copy those values in your Google Threat Intelligence’s group configuration available at https://www.virustotal.com/gui/group/GROUP_NAME/settings and click on Save SSO data:
9. Copy the Google Threat Intelligence sign-in URL
Copy the URL at the “Google Threat Intelligence sign-in URL” section and use it to configure a bookmark app that will launch the sign-in process.
10. Bookmark app
Your users must use the bookmark app to login into Google Threat Intelligence. Make sure the SAML app is hidden for them.
Troubleshooting
This section aims to provide steps to solve the most common issues when setting up a SAML configuration.
-
Unable to Process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared: Check the reply URL is configured correctly on your IdP configuration.
-
Pop up blocked: The signin dialog opens in a popup, so you need to explicitly allow virustotal.com to open popups.
-
Response mismatch: the field "identity provider issuer" must be an URL to your SAML provider.
-
Error: app_not_configured_for_user: Specifically when configuring SAML using Google Workspace. This error occurs when attempting to log into signin.blackbaud.com using a BBID enabled Google account while another Google account is already signed in in the browser
-
User is not assigned to this application.: Contact your group administrators so they can add you to the user list on Okta.
If you still need assistance, contact our support team attaching the SAML XML configuration.
Updated about 1 month ago