Troubleshoot Okta IDP Configuration

Ensure the Okta IDP configuration includes the following information:

  • SSO URL = The URL provided by Tenable (for example, https://fedcloud.tenable.com/saml/login/xxxxxxxxxxxxxxxxxxxxx)

  • Recipient URL = The recipient URL provided by Tenable (as listed above)

  • Destination URL = The destination URL provided by Tenable (as listed above)

  • Audience Restriction (SP Entity ID) = NessusCloud

  • Check whether the NameID parameter is set to Unspecified. This sometimes works initially because the default was “user.email”, but in some cases it may need to be reconfigured:

    • Choose the NameID format and the application username sent to your application in the SAML response (for example, EmailAddress and Email)

    • In the Attribute Statements (optional) section, type the SAML attributes to be shared with your application. For example:

      • Name (in SAML application) = Value (in Okta profile)

      • FirstName = user.firstName

      • LastName = user.lastName

      • Email = user.email
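
The checklist above can be run against a SAML response captured during a failed login. The script below is an added example, not Tenable or Okta code: it assumes the response has already been base64-decoded from the SAMLResponse form field, and check_response, sample and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder URL copied from the page; substitute the value Tenable provided.
SP_URL = "https://fedcloud.tenable.com/saml/login/xxxxxxxxxxxxxxxxxxxxx"
AUDIENCE = "NessusCloud"
WANTED_ATTRS = {"FirstName", "LastName", "Email"}

def check_response(xml_text, sp_url=SP_URL):
    """Return checklist findings for a decoded SAML response (empty list = all items pass)."""
    # Diagnostic only: no signature verification; run it on responses you captured yourself.
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("Destination") != sp_url:
        findings.append("Destination URL mismatch: %r" % root.get("Destination"))
    scd = root.find(".//a:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != sp_url:
        findings.append("Recipient URL mismatch: %r" % recipient)
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if AUDIENCE not in audiences:
        findings.append("Audience Restriction is %r, expected %r" % (audiences, AUDIENCE))
    name_id = root.find(".//a:Subject/a:NameID", NS)
    fmt = name_id.get("Format", "") if name_id is not None else None
    if fmt is None:
        findings.append("No NameID in Subject")
    elif fmt == "" or fmt.endswith(":unspecified"):  # an absent Format means unspecified
        findings.append("NameID format is Unspecified; may need EmailAddress")
    sent = {a.get("Name") for a in root.findall(".//a:Attribute", NS)}
    for missing in sorted(WANTED_ATTRS - sent):
        findings.append("Attribute statement missing: " + missing)
    return findings

# Constructed sample response (not captured from a real tenant), parameterised for testing.
TEMPLATE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{url}">
<a:Assertion><a:Subject>
<a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:{fmt}">jdoe@example.com</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{url}"/></a:SubjectConfirmation>
</a:Subject><a:Conditions><a:AudienceRestriction>
<a:Audience>{aud}</a:Audience></a:AudienceRestriction></a:Conditions>
<a:AttributeStatement>{attrs}</a:AttributeStatement></a:Assertion></p:Response>"""

def sample(url=SP_URL, fmt="emailAddress", aud=AUDIENCE, names=("FirstName", "LastName", "Email")):
    attr = '<a:Attribute Name="%s"><a:AttributeValue>x</a:AttributeValue></a:Attribute>'
    return TEMPLATE.format(url=url, fmt=fmt, aud=aud, attrs="".join(attr % n for n in names))

if __name__ == "__main__":
    print("\n".join(check_response(sample(fmt="unspecified", aud="Nessus", names=("Email",)))))
```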

For more information on Okta IDP configuration, see the following resources: