Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Compatible MFA Providers

Using Okta for Multifactor Authentication for CTE GuardPoints

search

Please Note:

printsuggest an editpdf paneldownload

Using Okta for Multifactor Authentication for CTE GuardPoints

Integration with Okta requires creating an OIDC connection in CipherTrust Manager, after you create an OIDC template in Okta.

copy link to clipboardPrerequisites

copy link to clipboardOn the Okta platform

  1. Create an admin user.

  2. Create one or more Okta users. Note that Okta requires the username to be in email format.

    • Create domain users in the format: <username>@<domain>.com

    • Create host specific users in the format: <username>@<hostname>.com

    • Create non-domain users in the format: <username>@localhost.com.

    Non-domain users map to system users with implicit host domain access on each host.

  3. Create an OIDC application (“App Integration”) with the following settings:

    • Application type: Web Application

    • Client Authentication: Client Secret

    • Grant type: Authorization Code

    • Login/Sign-in Redirect URIs: http://127.0.0.1:<CTE-OIDC-Login-Port>/auth/callback

    • Default value of CTE-OIDC-Login-Port: 5560, if CTE admin changes this port, they must provide the updated value.

  4. Note the OIDC parameters:

    • Client-ID as configured for the OIDC client

    • Client-Secret as shown for the OIDC client

copy link to clipboardOn CipherTrust Manager

The Provider Url for the Okta account is in the following format:

https://<okta-account>.okta.com/.well-known/openid-configuration

copy link to clipboardCreate an OIDC connection on CipherTrust Manager

  1. Log on to the CipherTrust Manager GUI as an administrator.

  2. In the left pane, click Access Management > Connections.

  3. In the Connections, click Add Connection.

  4. Click OIDC and then click Next.

  5. Provide a name for the connection and click Next.

  6. Enter values for the configuration information.

    Note

    Refer to your Multifactor Authentication provider profile for the values:

    • URL of OIDC provider:
    • For KeyCloak, select the URL of the OIDC provider

    • For Thales SafeNet Trusted Access, select Well Known Configuration URL

    • For all other providers, select the URL of the OIDC provider

    • Client-ID as configured for the OIDC client

    • Client-Secret as shown for the OIDC client

  7. Click Next and in the Add Products window, select CTE for product.

  8. Click Add Connection.

On this page

  • On the Okta platform
  • On CipherTrust Manager