Why would someone want this?
You can centrally manage your teams' use and access of integrated apps.
Compliance with third-party vendor requirements.
ℹ️ Note:
The Okta integration is available on our Cloud, Pro, Enterprise, and Vanguard plans.
Before setting up the Okta integration, make sure your Intruder account email matches the domain your team uses. For example, if you set up Okta with an @example.com email address, only users with @example.com emails can sign in via Okta.
Adding the integration
Head to Integrations > scroll down to Okta and click + Add (keep this tab open, we'll be coming back to it):
In a separate tab/window, log in to Okta:
Navigate to Directory > Groups > click Add group:
You'll want to create a group for each role available in Intruder.
Starting with IntruderAdmin:
Add a group named IntruderAdmin > set an appropriate description > and click Save:
Repeat for IntruderScan:
Add a group named IntruderScan > set an appropriate description > and click Save:
Repeat for IntruderReadOnly:
Add a group named IntruderReadOnly > set an appropriate description > and click Save:
You should now see all three Intruder groups in your Group directory:
Add users to their appropriate groups by clicking on a group (shown above) > then clicking the Assign people button:
🚨 Important: Make sure that your user account is added to the IntruderAdmin group to prevent you from being automatically set to a read-only user.
Search for the user, and when they show up > Click + > Done.
In the example below, we're adding Andy Hornegold to the IntruderAdmin group:
NB: You can also assign users using a CSV import and other standard Okta methods.
Navigate to Applications (in the right-hand nav) > Click Create App integration:
Select OIDC - OpenID Connect > Select Single-Page Application > Click Next:
Name your Application integration: Intruder
Add the Intruder logo to the Application; you can access it here: https://files.intruder.io/images/intruder-logo.png >
Enable Authorization Code + Refresh Token >
Re-open the Intruder tab from earlier and copy the Sign-in redirect URL >
Paste it into the Sign-in redirect URIs field in Okta >
Set the Sign-out redirect URIs to https://portal.intruder.io:
Scroll down to Assignments >
Select one based on your preference: Allow everyone in your Okta access to Intruder or Allow only users in a specific group access to Intruder >
Configure Federation Broker Mode >
Click Save:
To ensure Intruder can only see the Intruder groups in your Okta account, configure a group claim filter. Applications > Intruder > Sign On tab:
Scroll down to OpenID Connect ID Token and click Edit:
Scroll down to Groups claim filter and select groups starts with Intruder > Save:
Scroll back to the top and navigate to the General tab, then scroll down to General Settings and click Edit:
Scroll down to the LOGIN section >
Set Login initiated by to Either Okta or App >
Set Initiate login URI to https://accounts.intruder.io/sso >
Hit Save:
Scroll back to the top and under Client Credentials, copy the Client ID:
Head back to the Intruder portal and paste the Client ID from Okta into the Client ID field in the integration modal:
Head back to Okta and click your tenant information in the top right > Click Copy to clipboard:
Now back to Intruder again, where you'll paste the domain into the Okta domain field:
OPTIONAL
If you have custom authorization servers, you can add the name of the authorization server in the third field of this modal (this is not a URL, but a name/identifier for the authorization server that you have configured in Okta); if not, leave this field empty > Click Connect:
Check that the Okta integration is showing as Enabled:
Ta da. ✨ You're all done!
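To confirm the groups claim filter configured above is doing its job, you can inspect an ID token from a test sign-in. The script below is an added example, not Intruder's or Okta's code: it decodes the token payload without verifying the signature (inspection only), and the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Group names created in the steps above; PREFIX mirrors the
# "groups starts with Intruder" claim filter.
EXPECTED_GROUPS = {"IntruderAdmin", "IntruderScan", "IntruderReadOnly"}
PREFIX = "Intruder"


def decode_payload(id_token):
    """Return a JWT's claims WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def audit_groups_claim(id_token):
    """Compare the token's groups claim with the filter and the three groups."""
    groups = decode_payload(id_token).get("groups", [])
    if isinstance(groups, str):  # tolerate a single group sent as a string
        groups = [groups]
    return {
        # Groups the filter should have kept out of the token.
        "leaked": sorted(g for g in groups if not g.startswith(PREFIX)),
        # Pass the filter but are not one of the three groups created above.
        "unrecognised": sorted(g for g in groups
                               if g.startswith(PREFIX) and g not in EXPECTED_GROUPS),
        "has_admin": "IntruderAdmin" in groups,
        "empty": not groups,
    }


def make_sample_token(claims):
    """Build a constructed, unsigned token for the demonstration below."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64(claims), "constructed-signature"])


# Constructed samples: before and after the claim filter is applied.
UNFILTERED = make_sample_token({"sub": "user-1", "groups": ["Everyone", "Finance", "IntruderAdmin"]})
FILTERED = make_sample_token({"sub": "user-1", "groups": ["IntruderAdmin"]})

if __name__ == "__main__":
    for name, token in (("unfiltered", UNFILTERED), ("filtered", FILTERED)):
        print(name, audit_groups_claim(token))
```

A non-empty "leaked" list means the token still exposes groups outside the Intruder prefix, and "has_admin" being false for your own account matches the read-only warning in the Important note above.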