Cisco+ Secure Connect - IdP Okta SAML Configuration
Enable SSO with Okta
To enable single sign-on (SSO) with SAML for Cisco+ Secure Connect, you must first add the Okta app for Umbrella to your organization, then follow a step-by-step wizard to complete the process in Umbrella.
- Navigate to Admin > Authentication.
- In the SAML Dashboard User Configuration section, click Enable SAML.

- Select Okta and click Next.

- From the Instructions tab, follow instructions as listed. You'll be asked to provide the provider metadata.
- To configure Okta for Umbrella to gather the metadata, log into your Okta dashboard as the user you want to configure for Umbrella and go to the Admin tab. It's best if you start by logging into the Okta dashboard with the same account you are using in the Umbrella dashboard.
- In the Okta dashboard, click Applications and then click Add Application.
- Search for “Cisco Umbrella” and click Add to add the application named "Cisco Umbrella".
- Assign an easily identifiable label for the Application, keep defaults as is for General Settings, and then click Next.
- Under Sign-On Methods, select SAML 2.0. You can disable force authentication here.
- Click the hyperlink for Identity Provider metadata and save the downloaded metadata file. You will need this in step 3 of the Umbrella setup wizard.

- Return to the Sign-On Options and from the Application Username Format drop-down list, choose Email and then click Next.

- Assign the application to one or more users. All accounts that need to access the dashboard now or in the future should be selected here and have the application assigned to them or they will not be able to log in.
- In the final Okta step, ensure the proper user attributes have been enabled for each account, specifically the username (email). The email must match exactly the email that's used to log into Umbrella.
- In Umbrella navigate to Settings > Authentication and proceed to step 3 of the wizard – Upload Metadata.

- Click Choose File, select the metadata file you downloaded from Okta and click then Next.
- Click Test Your SAML Configuration and enter the Umbrella email for your current logged in user that was added to the Okta application. After the test completes, a success message should be displayed. All authentication to the Umbrella dashboard for all users in your organization is now handled by Okta.