Aqua Blog

Simplifying Access to the Aqua Platform with Okta

Enterprise-grade solutions are expected to integrate with existing enterprise infrastructure, including providing SSO to authenticate users without requiring separate definitions of user identity and access credentials.

Federated Identity provides a secure way for Service Providers to externalize authentication by integrating with their suppliers’ existing identity infrastructure, or Identity Provider. This led to the development of federated protocols, such as Security Assertion Markup Language (SAML).

What is SAML?

SAML, pronounced sam-el, is an open standard for exchanging authentication and authorization data between parties, such as between an identity provider and a service provider. SAML is also a set of XML-based protocol messages. It is an umbrella standard that covers federation, identity management, and single sign-on (SSO).

SAML works by transferring the user’s identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents. The user accesses the remote application using a link on an intranet, or a bookmark, and then the application loads.

SAML is used primarily as a web-based authentication mechanism, as it relies on the browser agent to broker the authentication flow.

There are many ways to implement the SAML protocol. While the end goal is the same for all of them, i.e., creating a secure connection between identity providers and service providers, different players approach these pieces in unique ways.

Some of the differences include how to deal with incoming SAML responses, how to support the SP-initiated Login flow, and developing the underlying logic needed to generate appropriate SAML Authentication Requests.

Enter Okta

Okta is one of the leading identity and access management providers. Their cloud-based apps help companies manage and secure user authentication into modern applications. They help developers build identity controls into applications, websites, and devices.

The Okta Integration Network (OIN) is a library of configuration frameworks for thousands of service providers. It serves as a community resource for finding Okta-compatible services. This library allows administrators to easily configure applications in which Okta serves as the identity provider.

Okta and Aqua

Okta recently added Aqua to their Integration Network, thereby classifying Aqua as an Okta verified application. With Aqua in the OIN library, Okta customers can integrate the Aqua Security platform with a few steps.

Leveraging this integration simplifies the authentication process, as customers can use their Okta credentials to log in to Aqua.

Integration Steps

Take these steps to select Aqua from the library and integrate it with Okta:

1. Log on to the Okta Admin interface.

2. Under Applications, search for the Aqua platform.

The configuration of Aqua as an application includes Okta’s live documentation. This includes metadata that is specific to the customers’ Okta tenant.

3. Click View Setup Instructions to access the instructions. These instructions include all of the necessary steps to take, on both the Aqua and the Okta side, to complete a successful SAML integration.

Summing it Up

Identity management is not a luxury item, but rather a mandatory security component that you need to improve your company’s security posture. Aqua’s integration with Okta is an easy implementation path. Okta takes care of the identity management piece. It monitors and maintains the integration while Aqua customers can focus on working with the Aqua platform.

Ken McCann
Ken is a DevSecOps Architect at Aqua Security on the Customer Success team. He has worked at several large organizations including The Walt Disney Company and CA Technologies focusing on Enterprise Security and Identity Management projects. Away from work, Ken enjoys backcountry skiing, mountain biking, and building drones.