Using SAML for Authentication

Most SAML products require information about the target application, such as the URLs for Secure SSO (SSSO), Recipient, and Destination. When setting up SAML with the Director, use the following information:

  • Single Sign On URL:  https://directorIP/users/saml/auth
  • Recipient URL: https://directorIP/users/saml/auth
  • Destination URL: https://directorIP/users/saml/auth
  • Audience Restriction: https://directorIP/users/saml/metadata

The SAML Authentication form in the platform does not change for the different SAML products. However, where you find the required information in the SAML product is unique, so use the product's documentation to identify the required information. We will continue to update this section with additional SAML products. If your product is not listed, you can still use the available process as a basis for your setup.

Authentication integrations are only for authentication; user permissions still need to be defined in the Validation Platform.

Enable SAML Authentication with Okta

  1. Go to Settings > User Settings. The User Settings page opens.
  2. Select Authentication.
  3. Enter the fully qualified domain name of your Director in the Director Hostname for SAML URLs field, if you want to use the FQDN instead of the IP address.
    f

    FQDNs must comply with RFC 1123, a standard that defines the requirements for FQDNs on the internet. This standard specifies that FQDNs can only contain the following:

    • Letters (A-Z, a-z)
    • Digits (0-9)
    • Hyphens (-)

    Underscores are not permitted.


    For more information, see RFC 1123: Requirements for Internet Hosts.

  4. Select SAML.
  5. Define the authentication fields, which are provided by your identity provider and are unique per product.

    1. Enter the SAML - Name Identifier Format.

      Get this from the metadata file <md:NameIDFormat>.

    2. Enter the SAML - AuthN Context.

    3. Enter the SAML - idP SSO URL (Login).

      Get this from the metadata file in the Location field
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=""/>.

    4. Enter the SAML - IdP SLO URL(Logout).

      This is the same as the Login information.

    5. Enter the SAML - IdP Certificate.

      Get this from the metadata file: <ds:X509Certificate>.

    6. Enter the SAML - Attribute Map.

      This field may autopopulated after defining the other authentication fields.

  6. Select the Local User.

    This is the Admin user in the Director that can sign into the Director without using SSO.

  7. Based on your Authentication and security requirements, set the following to either true or false:

    These features need to be supported by the identity provider (SSO service).

    1. SAML - Authn Requests Signed.
    2. Enter the SAML - Logout Requests Signed.
    3. Enter the SAML - Logout Responses Signed.
    4. Enter the SAML - Want Assertions Signed.
    5. Enter the SAML - Metadata Signed.

  8. Enter the SAML -Digest Method

    This is the hash of the entire message in a SAML assertion and is dependent on the implementation. The Validation Platform supports SHA1 and SHA256.

  9. Enter the Signature Method.

    This is signature of the message from the identity provider and is dependent on the implementation of the SSO solution.

  10. Click Update Authentication Settings.

    The platform is ready for SSO with Okta.

SAML with Okta Authentication setup screen

© Copyright Mandiant. All rights reserved
  • First Published: June 5, 2022
  • Last updated: June 5, 2025
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.