IBM Support

QRadar: How to configure OKTA as Identity Provider (IdP) for local authentication

How To


Summary

This article helps administrators configure OKTA as the Identity Provider (IdP) for SAML 2.0 authentication in QRadar®, with users authorized locally in QRadar®.

Environment

To configure this integration, the administrator must have:
  1. SAML 2.0 authentication enabled in QRadar®
    Note: SAML authentication is not available in versions earlier than QRadar® 7.3.2.
  2. An OKTA service subscription

Steps

Both sides of this configuration must match each other: the OKTA portal and the QRadar® Authentication settings.
OKTA Side
The parameters required here are Single Sign On URL and Audience Restriction.
Note: These values are the only ones you need in OKTA. The Recipient URL and Destination URL can be empty (preferred) or contain the same value as Single Sign On URL (as in the example in this technote).
  1. Single Sign On URL
     https://<console_hostname_or_ip>/console/SAMLSSOAssertionConsumerService
     Examples:
     https://qradarcon01.test.local/console/SAMLSSOAssertionConsumerService
     https://10.11.12.254/console/SAMLSSOAssertionConsumerService
  2. Audience Restriction
     https://<console_hostname_or_ip>/console
     Examples:
     https://qradarcon01.test.local/console
     https://10.11.12.254/console
     [Screen capture: OKTA_Conf1]
  3. Export the OKTA metadata file. This file is required in QRadar®.
QRadar® Authentication
The parameters required here are: Metadata File, Entity ID, and How to authorize.
  1. Create the users in QRadar®. This step is mandatory: with local authorization, a user can sign in through OKTA only if a matching QRadar® user already exists.
  2. Enable SAML 2.0 authentication.
    1. On the Admin tab, click Authentication.
    2. Click Authentication Module Settings.
    3. From the Authentication Module list, select SAML 2.0.
  3. Metadata File: Upload the metadata file that you exported from OKTA in the previous section.
  4. Entity ID: Enter the Entity ID from the OKTA metadata file.
    Note: The value in the screen capture is an example. Use the one OKTA provides for your configuration.
  5. How to authorize: Select Local.
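The following script is an added example for this technote; it is not an IBM or Okta tool. It derives the two OKTA-side values (Single Sign On URL and Audience Restriction) from the QRadar® console host name exactly as the steps above define them, reads the Entity ID, SSO endpoints and signing certificate from an IdP metadata file of the kind OKTA exports, and reports mismatches an administrator would otherwise discover only at the first failed login. The metadata document embedded below is a constructed sample with placeholder values, not a real OKTA export.

```python
"""Consistency check for the QRadar/OKTA SAML 2.0 values in this technote.

Added example, not part of the IBM technote or any IBM/Okta product.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample of an IdP metadata document; every value is a placeholder.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/PLACEHOLDER_APP_ID">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIC...PLACEHOLDER_CERTIFICATE...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.okta.com/app/PLACEHOLDER/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.okta.com/app/PLACEHOLDER/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def qradar_sp_values(console_host):
    """Return the two OKTA-side values, built the way the technote specifies.

    console_host is the bare console host name or IP, e.g. qradarcon01.test.local;
    a pasted URL (scheme or path) is rejected because it would produce a wrong
    Single Sign On URL that QRadar never answers.
    """
    if not console_host or "/" in console_host or ":" in console_host:
        raise ValueError("console_host must be a bare host name or IPv4 address")
    base = f"https://{console_host}/console"
    return {
        "single_sign_on_url": f"{base}/SAMLSSOAssertionConsumerService",
        "audience_restriction": base,
    }


def parse_idp_metadata(xml_text):
    """Extract Entity ID, SSO endpoints (by binding) and signing-cert count."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("document is not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID attribute")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (not IdP metadata)")
    sso = {
        el.get("Binding"): el.get("Location")
        for el in idp.findall("md:SingleSignOnService", NS)
    }
    certs = idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS
    )
    return {"entity_id": entity_id, "sso": sso, "signing_certs": len(certs)}


def check_setup(console_host, entered_entity_id, metadata_xml):
    """Return a list of problems; an empty list means the values are consistent.

    entered_entity_id is what the administrator typed into the QRadar Entity ID
    field; it must equal the entityID carried in the OKTA metadata file.
    """
    problems = []
    qradar_sp_values(console_host)  # raises if the host is not a bare host name
    idp = parse_idp_metadata(metadata_xml)
    if entered_entity_id != idp["entity_id"]:
        problems.append(
            f"Entity ID mismatch: QRadar field has {entered_entity_id!r}, "
            f"metadata has {idp['entity_id']!r}"
        )
    if idp["signing_certs"] == 0:
        problems.append("metadata carries no signing certificate; assertions cannot be verified")
    if not idp["sso"]:
        problems.append("metadata carries no SingleSignOnService endpoint")
    for binding, location in idp["sso"].items():
        if not (location or "").startswith("https://"):
            problems.append(f"SSO endpoint for {binding} is not HTTPS: {location!r}")
    return problems


if __name__ == "__main__":
    print(qradar_sp_values("qradarcon01.test.local"))
    print(parse_idp_metadata(SAMPLE_METADATA))
    print(check_setup("qradarcon01.test.local", "http://www.okta.com/PLACEHOLDER_APP_ID", SAMPLE_METADATA))
```

To use it against a real deployment, replace SAMPLE_METADATA with the contents of the metadata file exported from OKTA and pass the console host name and the Entity ID you intend to enter in QRadar®; an empty result from check_setup means the three values line up with the steps above.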
    [Screen capture: QRadar® Authentication Module Settings for SAML 2.0]

Document Location

Worldwide


Document Information

Modified date:
10 December 2020

UID

ibm16370673