Configure Okta SAML

SourceClear Software Composition Analysis

About this task

Pro customers can integrate Okta with SourceClear using SAML. Email support@veracode.com to enable this feature. In your email, include the user name and team of the account you want to provision along with the relevant SAML attributes.
Note: After setting up SAML for your team, you can no longer log in with GitHub authentication.

Procedure

  1. Log in to Okta as an administrator.
  2. On the Applications tab, click Add Application.

  3. Click Create New App.
  4. For Sign on method, select SAML 2.0.
    Note: Only SAML 2.0 is supported.

  5. Customize the name of the application.
  6. Enter the following values:
    Setting                        Value
    Single sign on URL             https://api.sourceclear.com/saml/SSO
    Audience URI (SP Entity ID)    https://api.sourceclear.com/sp
    Use the dropdown menus to set the values shown, and leave the Default RelayState field empty. The firstName and lastName SAML statements are recommended, but not required. SourceClear does not support the Group Attribute statement.
    When finished, you are directed to the SourceClear administration page.
  7. Download the metadata, which you must send as an attachment to support@veracode.com, along with the information specified in the next step.
    Note: Do not copy and paste the contents into your email.
  8. Collect information about the existing SourceClear users in the organization you identified in the previous step.
    You must provide the following information in addition to the organization URL associated with the organization to which you want to add SAML, for example https://<orgname>.sourceclear.com:
    • The corporate email address of each user in the organization
    • Whether the user is expected to be an Administrator of the organization

    Compile this information in a spreadsheet or table with the following columns: Email address, Administrator (yes/no).

  9. Send the information to support@veracode.com.
    Your integration is complete when SourceClear receives the information and updates your account.
    Note: The Okta page continues to display the following message even after the configuration is complete: SAML 2.0 is not configured until you complete the setup instructions.
  10. Notify all the existing users of the transition.
    Users must confirm that they can log in using the corporate email address they provided. To confirm they can log in, users navigate to https://<orgname>.sourceclear.io/saml.
    Like all Okta applications, the SourceClear application is not available to users until it is assigned to them. Once assigned, users can log in through Okta or by going to https://<orgname>.sourceclear.io/saml.