Log in to your Okta account.
In the left sidebar, select "Applications" then click the "Applications" link in the expanded section. Next, click the "Create App Integration" button.
In the "Create a new app integration" window, choose "SAML 2.0" for the sign-in method, then click "Next".
Next, type in "Kolide", or whatever unique identifier you want for the app, into the "App name" field. Optionally, you can add an app logo. Feel free to use this one:
Click "Next".
Now, you'll need some values from within Kolide, so log in to your Kolide account, click on your profile picture in the upper right-hand corner, then click "Settings".
Now, click "Single Sign-On" in the left sidebar.
Copy the value from the "Kolide SSO URL" field in Kolide and paste it into the "Single sign on URL" field in Okta, then copy the value from the "Kolide Issuer URL" field in Kolide and paste it into the "Audience URI (SP Entity ID)" field in Okta.
In the "Name ID format" dropdown, select "EmailAddress" and in the "Application username" dropdown, select "Email".
Scroll to the bottom of the page and click "Next".
This will take you to an optional Feedback page. You can certainly fill this out, or just select "I'm an Okta customer adding an internal app" and click "Finish".
Now, click the "Assignments" tab, click the "Assign" button, then choose "Assign to People".
Find the user whose email address matches your Kolide email and click "Assign" on the right.
On the next screen, click "Save and Go Back", then close the modal by clicking the "Done" button.
Click the "Sign On" tab in Okta. Scroll down to the "SAML Signing Certificates" section and click the "View SAML setup instructions" button on the right.
You will need a couple of values from this page to finish configuring SAML within Kolide. Copy the "Identity Provider Single Sign-On URL" value and paste it into the "IDP SSO Target URL" field in your Kolide "SAML Settings" page. Now, copy the value from the "X.509 Certificate" field in Okta and paste it into the "X.509 Certificate" field in Kolide.
Click the "Save & Test SSO" button, and now you should see your SAML settings marked as "Configured".
Next, click on "Authentication & Provisioning" in the Kolide sidebar, then choose "SAML-based Single Sign On (only)".
Click "Save Changes". This makes all other sign-in methods inaccessible.
Your team will see a message in their inbox letting them know of this change.
Now, when your team signs in, they will see this:
BOOM! Now you're all set! Now get cracking :)
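If "Save & Test SSO" fails, the fields entered in the steps above can be checked against a SAMLResponse captured from your own test login. The following is an added example, not code from Kolide or Okta; the URLs and email address are constructed placeholders, the helper names are hypothetical, and the script inspects fields only and does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(b64_response, sso_url, issuer_url, kolide_email):
    """List mismatches between a captured SAMLResponse and the settings entered
    in Okta. Field inspection only: the XML signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != sso_url:
        problems.append("Destination differs from 'Single sign on URL'")
    audience = root.findtext(".//a:AudienceRestriction/a:Audience", namespaces=NS)
    if (audience or "").strip() != issuer_url:
        problems.append("Audience differs from 'Audience URI (SP Entity ID)'")
    confirm = root.find(".//a:SubjectConfirmationData", NS)
    if confirm is None or confirm.get("Recipient") != sso_url:
        problems.append("Recipient differs from 'Single sign on URL'")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not EmailAddress")
        # Case-insensitive comparison is an assumption made for this check.
        if (name_id.text or "").strip().lower() != kolide_email.lower():
            problems.append("NameID does not match the Kolide email")
    return problems

# Placeholder values (assumptions): copy the real ones from Kolide's Single Sign-On page.
SSO_URL = "https://kolide.example/saml/acs"
ISSUER_URL = "https://kolide.example/saml/metadata"

def constructed_response(audience, fmt, name_id):
    """Build a constructed, unsigned SAMLResponse for demonstration."""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{SSO_URL}">'
           f'<a:Assertion><a:Subject><a:NameID Format="{fmt}">{name_id}</a:NameID>'
           f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{SSO_URL}"/>'
           f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = constructed_response(ISSUER_URL, EMAIL_FORMAT, "admin@example.com")
    print(check_saml_response(good, SSO_URL, ISSUER_URL, "admin@example.com"))
```

An empty list means the response agrees with the "Single sign on URL", "Audience URI (SP Entity ID)", "Name ID format" and "Application username" settings; each entry otherwise names the Okta field to revisit.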