INTEGRATING TWOSENSE WITH OKTA

This document will guide you through integrating TWOSENSE into your existing Okta SSO environment. The integration uses a SAML 2.0 IdP provided by TWOSENSE along with the browser extension agent. Other integrations (e.g., RADIUS) are available if SAML 2.0 won't work for you. Please contact your TWOSENSE SE for more details.

What You'll Need To Do

There are 3 main steps you’ll need to follow to complete the deployment. Total time is usually under 30 minutes.

  1. Add the TWOSENSE SAML 2.0 IdP.

  2. Exchange SAML 2.0 certificates.

  3. Deploy the TWOSENSE browser extension.

Prerequisites

  1. An Okta Org. If you don't already have one, you can get a free account at https://developer.okta.com/

  2. An Enterprise account with TWOSENSE. Please contact us to obtain a 30-day trial if you don’t have one already.

  3. A SAML 2.0 IdP certificate provided by your TWOSENSE rep.

Step-By-Step

  1. Log in to your Okta instance with an administrator account in the “Classic Management UI” theme.

  2. From the Admin Console, hover over Security and then select Identity Providers.

  3. Click Add Identity Provider -> Add SAML 2.0 IdP

  4. In the Add an Identity Provider dialog box, define the following:

    1. Name: “TWOSENSE.AI”

    2. IdP Usage: SSO only

    3. IdP Username: idpuser.subjectNameId

    4. Change If no match is found to Redirect to Okta sign-in page

    5. IdP Issuer URI: https://idp.twosense.ai/metadata/

    6. IdP Single Sign-On URL: https://idp.twosense.ai/sso/post/

    7. IdP Signature Certificate — upload the public.cert file [provided by your SE]

  5. Click Add Identity Provider

  6. Now reconfigure the IdP you just created. Select the Configure dropdown next to the new TWOSENSE IdP and select Configure Identity Provider

    1. Change IdP Usage to Factor only

    2. Click Update Identity Provider

  7. Download SAML metadata

    1. Click the expand button next to TWOSENSE.AI

    2. Click Download metadata

    3. Provide the metadata.xml to your SE

  8. Enable the TWOSENSE.AI IdP factor

    1. From the Admin Console, select Security from the main menu and then Multifactor

    2. On the Factor Types tab, select IdP Factor from the left navigation

    3. Click the Inactive drop-down box, and then select Activate

    4. Select TWOSENSE.AI from the IdP dropdown

    5. Click Save

You can now add TWOSENSE.AI (IdP Factor) to your Sign-on policies. If you do not have the agent deployed, users will continue to be MFA’d according to your pre-existing policies. Once the agent is deployed, TWOSENSE will begin to respond to MFA challenges on your users’ behalf. Don’t forget to provide your metadata.xml from above to your TWOSENSE representative.
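
Before handing metadata.xml to your SE, it helps to confirm what it contains. The script below is an added example, not code from TWOSENSE or Okta: it lists the entityID, assertion consumer endpoints and certificate SHA-256 fingerprints, and flags anything missing or not served over HTTPS. It assumes the download is standard SAML 2.0 service-provider metadata; the function name and all sample values are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_sp_metadata(xml_text):
    """Return entityID, ACS endpoints, certificate fingerprints and any problems."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        problems.append("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for _, location in acs:
        if not (location or "").startswith("https://"):
            problems.append("ACS endpoint is not HTTPS: %r" % location)
    fingerprints = []
    for cert in root.findall("md:SPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS):
        # The fingerprint is the SHA-256 of the DER bytes (the decoded base64 body).
        der = base64.b64decode("".join((cert.text or "").split()))
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        problems.append("no X509Certificate in KeyDescriptor")
    return {"entity_id": entity_id, "acs": acs,
            "cert_sha256": fingerprints, "problems": problems}

# Constructed sample; the certificate bytes are a placeholder, not a real certificate.
SAMPLE_CERT_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.okta.com/saml2/service-provider/placeholder">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/sso/saml2/placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % base64.b64encode(SAMPLE_CERT_DER).decode()

if __name__ == "__main__":
    for key, value in summarize_sp_metadata(SAMPLE_METADATA).items():
        print(key, "=", value)
```

To check a real download, pass the contents of metadata.xml to the function and compare the printed fingerprints with your SE over a separate channel.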

Browser Extension Deployment

Depending on which tier you purchased, TWOSENSE can be rolled out by adding a browser extension from the app store of your browser(s) of choice to your company browser policy. You will be provided with an app-store published link for that purpose. Please speak to your SE for details.