SAML For Okta

Recorded Future only supports an SP-initiated flow. Please use the guide below to configure SSO via SAML for your users' ease of access. 

Please follow the instructions below to configure SAML in your Okta environment. An SSO Key is a unique identifier that is specific to each organization. This identifier is used in the configuration information below and can only be acquired by contacting the Support team. 

Due to the SP-initiated flow, Okta's SSO setup is a two-step process. In the first portion, we'll set up a standard SAML application and provide users access to it, but hide it from their use. Then, in the second part, we'll create a bookmark app so users can take advantage of our unique SP-redirect URL. 

Instructions

1. Sign in to your Okta admin center and select Applications from the main menu, then Applications from the sub-menu

2. Select to Create App Integration and select the option for SAML 2.0, then next
   
3. Add an app name (we suggest Recorded Future SAML Config) and an app logo. A logo has been provided at the bottom of this guide for faster user recognition. Select the checkbox for "Do not display application icon to users," then hit Next
   
4. On the configuration page, you'll need the following values. Note that these will require the SSO Key. Replace the <sso_key> with the actual key value. 
   
   Change the Application username to Email
   
   Please coordinate with Support on acquiring an SSO Key:
   
   
   • Single sign-on URL

     https://sso.recordedfuture.com/login/callback?connection=<sso_key>

   • Entity ID

     urn:auth0:recordedfuture:<SSO_key>

     
   • Once complete, select Next to move on to step 3, the Feedback tab, where you'll want to select the App Type of "This is an internal app that we have created," then select Finish
     
5. You'll then be redirected to the main application page, where you'll want to copy the Metadata URL to provide to Recorded Future Support. Once you have the URL, select the Assignments tab
   
6. Under Assignments, select either the applicable individuals or the access control group of users that need to be assigned access to Recorded Future
   

Next, we'll create an Okta Bookmark app. This bookmark will allow users to leverage an SP-initiated redirect URL to initiate SSO in a more familiar way.

1. From the main Applications page, select Browse App Catalog and search "Bookmark" to locate the Okta default Bookmark application, identified by a ✭
   
   
   
2. After selecting Add the application, you're then redirected to the application configuration page, where you'll want to rename the app in the "Application label" field. We suggest simply, "Recorded Future." Then enter the redirect URL below. Note you'll need to add the SSO Key here by replacing the <sso_key> as done previously
   

   • https://app.recordedfuture.com/live/login/?sso_key=<sso_key>

     
3. Once complete, select Done to move to the app Assignments page. Here, you'll once again assign the app to either the applicable individuals or the access control group of users that need to be assigned access to Recorded Future.
   
   
4. You can also update the app logo by selecting the Pencil icon at the top right of the box containing the star. A logo has been provided at the bottom of this guide for faster user recognition.