SAML-based SSO with ThousandEyes and Okta

Posted on November 20th, 2013
January 9th, 2017

SAML (Security Assertion Markup Language) is an XML-based standard maintained by OASIS, developed to facilitate the exchange of authentication and authorization data between parties. The primary application of SAML is the secure assertion of an online identity by a user to a Service Provider (SP) with the help of a trusted Identity Provider (IdP), commonly referred to as Single Sign-On (SSO).

Apart from the data format itself, SAML also defines a set of Profiles (use cases of the standard) and Bindings (mappings of how a SAML message is encapsulated inside an existing protocol, for example SOAP).

The most common combination of Profile/Binding currently in use is the Web Browser SSO Profile with the HTTP POST Binding, introduced with version 2.0 of the SAML standard. In this scenario, when a user tries to access a secure web resource provided by the SP, the browser will be redirected to the IdP’s website. The IdP can then authenticate the user by asking for credentials or checking for valid session cookies. After successful authentication, the user is redirected back to the SP’s Assertion Consumer Service (ACS), where the SP can make an access control decision based on the asserted identity. If the SP’s policies allow it, the user will finally be redirected to the originally requested resource.

The following diagram describes this procedure in more detail.

Figure 1: SAML Web Browser SSO
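
The checks an SP makes at the ACS step of the flow above, as an added example that is not ThousandEyes' or Okta's code. The URLs, entity ID, request ID and the trimmed response are constructed, and XML signature verification, which a real SP must perform before any of these checks, is omitted.

```python
import base64
import xml.etree.ElementTree as ET  # production code should use a hardened XML parser
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed, trimmed response (no ID, Issuer or Signature) for illustration only.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="{dest}" InResponseTo="{irt}">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2013-11-20T10:00:00Z" NotOnOrAfter="2013-11-20T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def sample(dest, irt, aud):
    """Build the base64 SAMLResponse form field the browser would POST to the ACS."""
    return base64.b64encode(TEMPLATE.format(dest=dest, irt=irt, aud=aud).encode())

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(form_value, acs_url, sp_entity_id, request_id, now):
    """Return (name_id, errors); name_id is None unless every check passes."""
    root = ET.fromstring(base64.b64decode(form_value))
    errors = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        errors.append("status is not Success")
    if root.get("Destination") != acs_url:          # sent to a different endpoint
        errors.append("Destination does not match our ACS")
    if root.get("InResponseTo") != request_id:      # not an answer to our request
        errors.append("InResponseTo does not match our AuthnRequest")
    cond = root.find("a:Assertion/a:Conditions", NS)
    aud = [] if cond is None else cond.findall("a:AudienceRestriction/a:Audience", NS)
    if sp_entity_id not in [e.text for e in aud]:   # assertion issued for another SP
        errors.append("assertion audience is not this SP")
    nb, noa = (None, None) if cond is None else (cond.get("NotBefore"), cond.get("NotOnOrAfter"))
    if not (nb and noa and parse_ts(nb) <= now < parse_ts(noa)):
        errors.append("assertion outside its validity window")
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    ok = name_id is not None and not errors
    return (name_id.text if ok else None), errors
```
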

ThousandEyes supports SAML-based SSO

ThousandEyes introduced support for SAML-based SSO back in July. With this support, ThousandEyes allows organizations to integrate third-party identity providers with the platform, leveraging their investment in SAML to improve security and user experience when authenticating into our platform.

ThousandEyes’ support for SAML requires an Organization Admin to follow an easy configuration guide on both the SAML provider and on ThousandEyes.

ThousandEyes is now part of the Okta Application Network

Today we’re announcing a partnership with Okta, an enterprise-grade identity management service. Being a part of Okta’s Application Network means that ThousandEyes’ SAML support has been subject to an extensive technical evaluation, ensuring interoperability with Okta and compliance with the industry’s best practices.

Okta’s customers can now enjoy a simplified, hassle-free setup experience by selecting ThousandEyes from the available applications list in the Okta Administrator Dashboard and completing the setup guide.

You can refer to ThousandEyes’ or Okta’s support documents on this subject to learn more about the integration. And, as always, feel free to reach out to our support team if you have questions or need help.
