Configure Okta federated authentication for Arctic Wolf web portals

You can configure Okta® as a Federated Identity Management (FIM) source for Arctic Wolf® web portals.

These resources are required:

  • Administrator permissions for the Arctic Wolf Unified Portal.

    You must be a primary or secondary contact. If you require this level of access, submit your request to a primary or secondary contact in your organization.

These actions are required:

  • Allowlist all necessary IP addresses. To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.

Configure the application integration

  1. Sign in to the Okta Admin Console.
  2. In the navigation menu, click Applications > Applications.
  3. Click Create App Integration.
  4. In the Create a new app integration dialog, configure these settings:
    • Sign-in method — Select OIDC - OpenID Connect.
    • Application type — Select Web Application.
  5. Click Next.
  6. In the next dialog, configure these settings:
    • App Integration Name — Enter a descriptive name. For example, Arctic Wolf Unified Portal.
    • Logo — (Optional) Add a logo for the application.
    • Grant Type — Select these checkboxes:
      • Implicit (hybrid)
      • Allow ID Token with implicit grant type
      • Allow Access Token with implicit grant type
    • Sign-in redirect URIs — Enter https://auth.arcticwolf.com/login/callback.
    • Sign-out redirect URIs — Click X to clear all fields.
    • Trusted Origins — Click X to clear all fields.
    • Controlled Access — Select an option.
    • Enable immediate access — Select Enable immediate access with Federation Broker Mode.
  7. Click Save.
  8. Click the General tab.
  9. Copy the Client ID and Client secret values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.
  10. In the General Settings section, click Edit.
  11. Under Grant Type, select these checkboxes:
    • Allow ID Token with implicit grant type
    • Allow Access Token with implicit grant type
  12. Click Save.

Set the issuer URL

  1. Click the Sign On tab.
  2. In the OpenID Connect ID Token section, in the Issuer list, do one of these actions:
    • Select Okta URL.
    • Set a custom domain value.
  3. Click Save.
  4. Copy the Okta URL.
  5. Add /.well-known/openid-configuration to the end of the Okta URL to create the Issuer URL. For example, if the Okta URL is https://demo1234.okta.com, the Issuer URL is https://demo1234.okta.com/.well-known/openid-configuration.
  6. Copy the Issuer URL, and then save it in a safe location. You will provide the Issuer URL to Arctic Wolf later.
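
Before you hand the Issuer URL over, you can check it against the discovery document it points to. The following is an added example, not part of the Arctic Wolf or Okta documentation: it builds the Issuer URL as in step 5 and checks a parsed discovery document for an exact issuer match, HTTPS endpoints, and the implicit grant and ID token settings selected earlier. The function names and the sample document are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def issuer_url(okta_url):
    """Build the Issuer URL from the Okta URL (step 5 above)."""
    parts = urlsplit(okta_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Okta URL must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("Okta URL must not carry a query or fragment")
    base = f"https://{parts.netloc}{parts.path}".rstrip("/")
    if base.endswith(WELL_KNOWN):
        raise ValueError("suffix already present; pass the bare Okta URL")
    return base + WELL_KNOWN

def check_discovery(okta_url, doc):
    """Return a list of problems found in a parsed discovery document."""
    problems = []
    expected = issuer_url(okta_url)[: -len(WELL_KNOWN)]
    # OIDC Discovery: "issuer" must exactly equal the URL the document was
    # fetched from, minus the well-known suffix.
    if doc.get("issuer") != expected:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} missing or not https")
    # The spec default applies when grant_types_supported is omitted.
    grants = doc.get("grant_types_supported", ["authorization_code", "implicit"])
    if "implicit" not in grants:
        problems.append("implicit grant not advertised")
    types = doc.get("response_types_supported", [])
    if not any("id_token" in rt.split() for rt in types):
        problems.append("no response type returns an ID token")
    return problems

# Constructed sample document for the page's example tenant (not real data).
SAMPLE = {
    "issuer": "https://demo1234.okta.com",
    "authorization_endpoint": "https://demo1234.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://demo1234.okta.com/oauth2/v1/token",
    "jwks_uri": "https://demo1234.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
}

if __name__ == "__main__":
    print(issuer_url("https://demo1234.okta.com/"))
    print(check_discovery("https://demo1234.okta.com", SAMPLE) or "discovery document OK")
```

To check your own tenant, save the JSON returned by your Issuer URL and pass the parsed result to check_discovery in place of SAMPLE.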

Provide your Okta credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Federated Authentication.
  3. Click Submit New Credentials.
  4. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account. For example, Okta SSO.
    • Issuer URL — Enter the IdP Issuer URL.
    • Client ID — Enter the IdP-issued client ID.
    • Client Secret — Enter the IdP-issued client secret.
    • Domain Name — Enter your company email domain name.
    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.
  5. Click Submit Credentials.
  6. To apply the configuration:
    1. When prompted to sign out of the Unified Portal, click Confirm and Logout.
    2. Sign in to the Unified Portal through your identity provider (IdP).