How to configure SAML for Kolide

Work In Progress:
This guide is meant to be used with Kolide’s Okta Integration Network (OIN) app which is not yet released. We are making this guide available publicly early to assist in Okta’s official review.

In this step, we will add Kolide as an Application to your Okta instance and configure single sign-on with SAML. (Enabling SAML affects all users who use Kolide.)

Supported Features

  • SP-initiated SSO (Single Sign-On)
  • IdP-initiated SSO (through Third-party Initiated Login)

Configuration Steps

If you haven’t already, sign in to your Okta Administrative portal at https://${yourOktaDomain}-admin.okta.com. Once signed in, click Applications in the left-hand sidebar, and then click Browse App Catalog near the top of the resulting page.

Search for “kolide” in the search bar, and then click the Kolide integration from the results.

Click the Add Integration button to add the Kolide integration to your Okta instance.

When the app integration is added to your Okta instance, you will be redirected to the application’s assignments page. Click the Sign On tab, then click the Edit link.

Scroll down to the Customer ID field in the Advanced Sign-on Settings section. Enter your Kolide Customer ID, and click the Save button.

Your Kolide Customer ID may be found in the Step 1 - App Setup section of the Authentication & Provisioning settings page.

After updating the Customer ID, ensure you are still on the Sign On tab, then click the More details disclosure under the SAML 2.0 Metadata details section.

From the now revealed section, copy the Sign on URL and download the Okta Signing Certificate to your computer.

Then, in Kolide, paste the Sign On URL value into the field labeled IDP SSO Target URL. Finally, upload the downloaded certificate by dragging and dropping it into the X.509 Certificate field (don’t forget to delete it from your device once uploaded).

Next, click Confirm Settings by Testing Sign In and go through the authentication process to complete this step.