Okta Certificate Authentication With SSO

Eytan Raphaely Education


A major authentication problem for organizations is managing a host of different credentials for various web applications. Traditionally, web app authentication requires a unique and complex set of credentials to ensure only those with approved access can log in. However, this can lead to inefficiencies in a company and bottleneck an IT department. People forgetting their passwords or losing their credentials is a major hassle.

Luckily, Okta enables the use of one set of credentials to access all web applications within a network. This can be taken to another level by configuring users to authenticate with certificates.

PIV-Okta Authentication

Okta accomplishes authentication to web apps through the use of PIV (Personal Identity Verification). Each user in the organization is issued a physical smart card configured with identifying information that is used for authentication. Often, the PIV is paired with a PIN to provide multiple factors of authentication, which is much more secure.

Unfortunately, even with both the PIV and the PIN, credentials are more vulnerable than certificates. Credential-based authentication doesn’t stand a chance against over-the-air credential theft, which can be eliminated by configuring certificate-based authentication.

Combining SecureW2 with Okta SSO allows you to use certificates without having to struggle with any complicated configuration.

Okta SSO With Certificates

The process of manually enrolling certificates for SSO is involved and error-prone, especially if left for network users to complete. It requires a high level of IT knowledge to understand and presents many opportunities for misconfiguration. To ensure accurate configuration, we recommend you utilize SecureW2’s JoinNow MultiOS onboarding software.

The JoinNow solution allows users to self-configure by completing only a few steps designed to simplify the user experience.

To set up with SecureW2:

  • From the SecureW2 management portal, under PKI Management, select Certificate Authorities.
  • Download your Root and Intermediate Certificate Authorities.
  • Combine your Root and Intermediate Certificate Authorities and save as a .pem file.

In Okta:

  • Under Users, go to Social and Identity Providers.
  • Go to Add Identity Providers.
    • Upload your combined CAs to the Certificate Chain.
    • Configure IdP username as configured in screenshot.
  • Match against Okta Username.

Congrats! You are now properly configured for certificate SSO authentication.
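
The step that combines the Root and Intermediate CAs can be scripted so that a wrong or mismatched download is caught before it is uploaded as the Certificate Chain. This is an added example, not SecureW2 or Okta tooling; the function names, the file names and the intermediate-then-root order are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not SecureW2 or Okta tooling): validate the downloaded Root and
# Intermediate CA files and write the combined .pem for the Okta upload.

err() { echo "error: $1" >&2; }

# is_ca FILE: succeeds if FILE is a PEM X.509 certificate with CA:TRUE.
is_ca() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# build_chain ROOT INTERMEDIATE OUT
# Returns 0 on success, 2 bad input, 3 bad root, 4 intermediate/root mismatch.
build_chain() {
  local root=$1 inter=$2 out=$3 f
  for f in "$root" "$inter"; do
    is_ca "$f" || { err "$f is not a PEM CA certificate"; return 2; }
  done
  # The root must be self-signed and inside its validity period.
  openssl verify -CAfile "$root" "$root" >/dev/null 2>&1 ||
    { err "$root is not a valid self-signed root"; return 3; }
  # The intermediate must chain to that root; this catches swapped files and
  # an intermediate downloaded from a different CA.
  openssl verify -CAfile "$root" "$inter" >/dev/null 2>&1 ||
    { err "$inter was not issued by $root"; return 4; }
  # Show what is about to be trusted so it can be compared with the portal.
  for f in "$inter" "$root"; do
    openssl x509 -in "$f" -noout -subject -fingerprint -sha256
  done
  # Re-encode instead of using cat: drops any text around the PEM block and
  # guarantees a newline between one END marker and the next BEGIN marker.
  # Assumption: intermediate first, then root (the page does not state an order).
  { openssl x509 -in "$inter"; openssl x509 -in "$root"; } > "$out"
}

# chain_count FILE: number of certificates in the combined file.
chain_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Command-line use: ./build_chain.sh root.pem intermediate.pem ca-chain.pem
if [ "$#" -eq 3 ]; then
  build_chain "$@" && echo "wrote $3 with $(chain_count "$3") certificates"
fi
```

The output file is written only after every check passes, so a failed run never leaves a partial chain behind to be uploaded by mistake.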

Make Okta Certificate SSO Easy With SecureW2

By adding certificate capability to Okta SSO, an organization is able to offer pinpoint security while improving user experience. Certificate-based authentication protects against over-the-air attacks and prevents a user’s identity from being exploited by another. If you’re interested in adding SecureW2’s #1 rated service, check out our pricing page.

