Before getting started, see SSO Configuration to learn more about our general SSO settings.
In the main Dashboard of your Okta account, select
In the application catalog, click
Create New App.
In the following dialog, leave
Web selected and pick SAML 2.0 as the sign on method.
General Settings, provide, at minimum, a name.
The Single Sign On URL is constructed with the URL Fragment configured in your SSO configuration. The single sign-on URL would follow the format: https://my.panopta.com/sso/<url fragment>/acs
The Audience URI follows the same format as the Single Sign On URL, but changing acs for metadata, such as https://my.panopta.com/sso/<url fragment>/metadata.
Lastly as FortiMonitor uses the email address as the base for identifying your user. Set the Name ID format as EmailAddress and Application username as email.
In the optional attribute statements, set the following three fields:
email as user.email
first_name as user.firstName
last_name as user.lastName
On the Feedback tab, check
I'm an Okta customer adding an internal app.
You should be taken to an page detailing the FortiMonitor application we just created. Click
View Setup instructions.
Utilize the data in this screen to complete the General section of your FortiMonitor SSO Configuration.
Identity Provider Single Sign-On URL is the Login URL
Identity Provider Issuer is the Entity ID
The certificate must be copied in Certificate input, under the Certificates section
Login binding must be filled with urn:oasis:names:tc:SAML:2.0:bindins:HTTP-POST
Lastly, assign any user you want to access the FortiMonitor app in Okta. Go to the assignment tab in the Application page and click Assign.
Search for people you want to be able to login into FortiMonitor.