Okta Integration with TigerTrust
TigerTrust integrates with Okta to provide enterprise identity management for your certificate lifecycle management platform. Enable single sign-on, automate user provisioning, and enforce security policies through Okta.
SAML SSO Configuration
Configure SAML 2.0 SSO in Okta:
```yaml
# TigerTrust SAML Configuration
saml:
  provider: okta
  entity_id: https://tigertrust.io/saml/metadata
  acs_url: https://api.tigertrust.io/auth/saml/callback
  attribute_mapping:
    email: user.email
    firstName: user.firstName
    lastName: user.lastName
    groups: groups
  signing:
    algorithm: RSA-SHA256
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIIDpTCCAo2gAwIBAgIGAY...
      -----END CERTIFICATE-----
```
Okta Admin Configuration
- Add TigerTrust as a new application
- Configure SAML settings:
  - Single Sign-On URL: https://api.tigertrust.io/auth/saml/callback
  - Audience URI: https://tigertrust.io/saml/metadata
  - Name ID Format: EmailAddress
  - Application username: Email
- Add attribute statements:
| Name | Value |
|------|-------|
| email | user.email |
| firstName | user.firstName |
| lastName | user.lastName |
| groups | appuser.groups |
SCIM Provisioning
Enable automated user provisioning:
```yaml
# TigerTrust SCIM Configuration
scim:
  enabled: true
  base_url: https://api.tigertrust.io/scim/v2
  features:
    create_users: true
    update_users: true
    deactivate_users: true
    sync_groups: true
  attribute_mapping:
    userName: email
    name.givenName: firstName
    name.familyName: lastName
    active: isActive
    groups: roles
```
Group-Based Role Assignment
Map Okta groups to TigerTrust roles:
```yaml
# Role mapping configuration
role_mapping:
  groups:
    - okta_group: "TigerTrust Admins"
      tigertrust_role: admin
      permissions:
        - manage_certificates
        - manage_users
        - manage_policies
        - view_audit_logs
    - okta_group: "Certificate Operators"
      tigertrust_role: operator
      permissions:
        - manage_certificates
        - view_certificates
        - renew_certificates
    - okta_group: "Certificate Viewers"
      tigertrust_role: viewer
      permissions:
        - view_certificates
        - view_reports
```
MFA Enforcement
Configure MFA for sensitive operations:
```yaml
# MFA policy in TigerTrust
mfa:
  provider: okta
  triggers:
    - action: revoke_certificate
      require_mfa: always
    - action: delete_certificate
      require_mfa: always
    - action: modify_policy
      require_mfa: always
    - action: export_private_key
      require_mfa: always
  allowed_factors:
    - webauthn
    - okta_verify_push
```
Adaptive Authentication
Leverage Okta's adaptive authentication:
```yaml
# Adaptive authentication configuration
adaptive_auth:
  risk_levels:
    low:
      actions:
        - standard_access
    medium:
      actions:
        - step_up_mfa
    high:
      actions:
        - deny_access
        - notify_security_team
  factors:
    device_trust:
      required_for: [production_access]
    network_zone:
      corporate_only: [admin_actions]
```
User Lifecycle Management
Automate user lifecycle:
```yaml
# Lifecycle events
lifecycle:
  on_user_create:
    - assign_default_role
    - send_welcome_email
    - create_audit_entry
  on_user_deactivate:
    - revoke_active_sessions
    - transfer_certificate_ownership
    - archive_user_data
    - create_audit_entry
  on_user_reactivate:
    - restore_role_assignments
    - notify_user
    - create_audit_entry
```
API Access Management
Secure API access with Okta:
```yaml
# OAuth 2.0 configuration for API access
oauth:
  authorization_server: https://your-org.okta.com/oauth2/default
  scopes:
    - certificates:read
    - certificates:write
    - policies:read
    - policies:write
  token_validation:
    issuer: https://your-org.okta.com/oauth2/default
    audience: https://api.tigertrust.io
```
Secure your certificate management with enterprise identity management through TigerTrust and Okta.