3.3.6.2. SAML Integration
In order to integrate MetaDefender Core with SAML 2.x:
Create a new application on the IDP site for MetaDefender Core
We selected Okta IDP (https://www.okta.com/) as a supported IDP to demonstrate SAML integration with MetaDefender Core.
1.) Sign in to the Okta site and navigate to the admin dashboard

2.) Add an application, select the “Web” application type, and choose “SAML 2.0” for the Sign on method


Proceed to the “Configure SAML” step of the SAML integration configuration and keep this page on hold: some data must first be generated from the MetaDefender Core management console before returning to this page.

On the MetaDefender Core management console, create a new user directory for SSO
- Navigate to Settings > User Management
- On the “USER DIRECTORIES” tab, hit the “ADD NEW USER DIRECTORY” button
- Choose the “Security Assertion Markup Language (SAML)” option for “USER DIRECTORY TYPE”
- Type a directory name of your choice
- In the “IDENTIFY PROVIDER” section, hit the “FETCH” button to input the IDP’s designated SAML metadata API URL (e.g. for Okta, it can be found at https://developer.okta.com/docs/guides/add-an-external-idp/saml2/configure-idp-in-okta/)



- In the “SERVICE PROVIDER” section:
  + On the MetaDefender Core console, type your MetaDefender Core address in the “HOST OR IP” field. A login redirect URL is then auto-generated by MetaDefender Core; copy the full link to proceed.
  + Switch to the Okta IDP console, paste the single sign on URL, input the Audience URI, and check the “Use this for Recipient URL and Destination URL” option

“USER IDENTIFIED BY” field:
- Username can be constructed from attributes set by the IDP, or
- Defined by the customer on the IDP site
Please review the IDP documentation for more details. For example, for Okta: https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm

- In the “USER ROLE” section, you can choose a default role to map to an existing MetaDefender Core local role.

Or create a custom role mapping based on RegEx.

- Hit the “ADD” button to finish creating the new SSO user directory. By default, the newly created user directory is disabled.

You may want to enable it to allow SSO login.
Warning: This action will automatically and forcibly log out all currently active users.


Sign on using IDP authentication
With the SSO user directory created, hitting the “LOGIN” button on the MetaDefender Core management console automatically redirects you to the SAML IDP login page, as expected.

- After logging in successfully, you are redirected back to the MetaDefender Core management console.
