Set Up SSO with Okta

Enhance your organization's security and streamline user access by enabling single sign-on (SSO) with Okta. This article will walk you through the complete setup process, where you’ll configure settings in both Okta and Red Canary. If you have questions or are new to SSO,  see our Overview of Single Sign-On.

1 Okta | Configure SSO Settings

1. In your Okta Admin Console, go to Applications > Catalog > All Integrations and search for “Red Canary”.
   

2. Click the tile, then click Add Integration.
   

3. In the Subdomain field, enter your Red Canary subdomain and click Done. This will create the Red Canary app in Okta.
   

4. In the Sign On tab, scroll down to the SAML Setup and click View SAML Setup Instructions.
   

5. The pop-up window will display unique values for your subdomain and Okta account. Follow the instructions to copy the Okta values and paste them to the relevant Red Canary fields.

2 Red Canary | Grant User Roles to New Users

During the setup, you enabled the Red Canary setting Automatically create a Red Canary user the first time a user is authenticated. This setting automatically provisions a Red Canary account when a new user logs in with SSO. As an optional configuration, you can assign default roles to these new users. Select one of the following roles to apply automatically:

• Admin

• Workflow User

• Analyst

• Analyst Viewer

• Applications Manager

• EDR User

• Responder

For a full description of each role's permissions, see Understand and Assign Roles.

To reset a user's permissions to the selected default every time they sign in, check the Grant these roles on EVERY sign in box. This will override any manual role changes made previously. This is useful for enforcing a "least privilege" baseline, where you can manually grant temporary high-level access that will be automatically revoked on the next login.