Why would someone want this?
You can centrally manage your teams' use of, and access to, integrated apps.
Compliance with third-party vendor requirements.
⚠️ Before setting up the Okta integration, make sure your Intruder account email matches the domain your team uses. For example, if you set up Okta with an @example.com email address, only users with @example.com emails can sign in via Okta.
Adding the integration
Head to Integrations > scroll down to Okta and click + Add (keep this tab open, we'll be coming back to it):
In a separate tab/window, log in to Okta:
Navigate to Directory > Groups > click Add group:
You'll want to create a group for each role available in Intruder.
Starting with IntruderAdmin
Add a group named IntruderAdmin > set an appropriate description > and click Save:
Repeat for IntruderScan
Add a group named IntruderScan > set an appropriate description > and click Save:
Repeat for IntruderReadOnly
Add a group named IntruderReadOnly > set an appropriate description > and click Save:
You should now see all three Intruder groups in your Group directory:
Add users to their appropriate groups by clicking on a group (shown above) > then clicking the Assign people button:
🚨 Make sure that your user account is added to the IntruderAdmin group to prevent you from being automatically set to a read-only user.
Search for the user, and when they show up > Click + > Done.
In the example below, we're adding Andy Hornegold to the IntruderAdmin group:
NB: You can also assign users using a CSV import and other standard Okta methods.
Navigate to Applications (in the right-hand nav) > Click Create App integration:
Select OIDC - OpenID Connect > Select Single-Page Application > Click Next:
Name your Application integration: Intruder
Add the Intruder logo to the Application; you can access it here: https://files.intruder.io/images/intruder-logo.png >
Enable Authorization Code + Refresh Token >
Re-open the Intruder tab from earlier and copy the Sign-in redirect URL >
Paste it into the Sign-in redirect URIs field in Okta >
Set the Sign-out redirect URIs to https://portal.intruder.io:
Scroll down to Assignments >
Select one based on your preference: Allow everyone in your Okta access to Intruder or Allow only users in a specific group access to Intruder >
Configure Federation Broker Mode >
Click Save:
To ensure Intruder can only see the Intruder groups in your Okta account, configure a group claim filter. Applications > Intruder > Sign On tab:
Scroll down to OpenID Connect ID Token and click Edit:
Scroll down to Groups claim filter and select groups starts with Intruder > Save:
Scroll back to the top and navigate to the General tab, then scroll down to General Settings and click Edit:
Scroll down to the LOGIN section >
Set Login initiated by to Either Okta or App >
Set Initiate login URI to https://accounts.intruder.io/sso >
Hit Save:
Scroll back to the top and under Client Credentials, copy the Client ID:
Head back to the Intruder portal and paste the Client ID from Okta into the Client ID field in the integration modal:
Head back to Okta and click your tenant information in the top right > Click Copy to clipboard:
Now back to Intruder again, where you'll paste the domain into the Okta domain field:
OPTIONAL
If you have custom authorization servers, you can add the name of the authorization server in the third field of this modal (this is not a URL, but a name/identifier for the authorization server that you have configured in Okta); if not, leave this field empty > Click Connect:
Check that the Okta integration is showing as Enabled:
Ta da. ✨ You're all done!
The Okta integration is available on our Cloud, Pro, Enterprise, and Vanguard plans.
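To check the groups claim filter configured above, you can decode the payload of an ID token issued to a test user and confirm that only groups starting with Intruder are disclosed. This is an added example, not Intruder's or Okta's own code; it assumes the claim is named groups as set in the filter step, runs on constructed sample tokens, and inspects the payload without verifying the signature.

```python
import base64
import json

# Group names and filter prefix are the ones used in the steps above.
ROLE_GROUPS = ("IntruderAdmin", "IntruderScan", "IntruderReadOnly")
FILTER_PREFIX = "Intruder"


def decode_payload(id_token):
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def audit_groups_claim(id_token):
    """Report what the 'groups' claim discloses and which role groups it holds."""
    claims = decode_payload(id_token)
    groups = claims.get("groups") or []
    if isinstance(groups, str):  # tolerate a single group sent as a string
        groups = [groups]
    prefixed = [g for g in groups if g.startswith(FILTER_PREFIX)]
    return {
        "claim_present": "groups" in claims,
        # Any entry here means the filter is not restricting what is disclosed.
        "outside_filter": sorted(g for g in groups if g not in prefixed),
        "role_groups": [g for g in ROLE_GROUPS if g in groups],
        # Prefix matches that are not exactly one of the three names in this guide.
        "unrecognised": sorted(g for g in prefixed if g not in ROLE_GROUPS),
    }


def make_sample_token(payload):
    """Build an unsigned token from constructed claims, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(payload), "constructed-signature"])


if __name__ == "__main__":
    # Constructed claims: one filtered token, one that leaks unrelated groups.
    good = make_sample_token({"sub": "constructed", "groups": ["IntruderAdmin"]})
    bad = make_sample_token({"sub": "constructed", "groups": ["Everyone", "IntruderScan"]})
    for name, token in (("filtered", good), ("unfiltered", bad)):
        print(name, audit_groups_claim(token))
```

An empty outside_filter list together with IntruderAdmin in role_groups for your own account matches the configuration this guide describes.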