Troubleshoot Okta IDP Configuration
Ensure the Okta IDP configuration includes the following information:
- SSO URL = The URL provided by Tenable (for example, https://fedcloud.tenable.com/saml/login/xxxxxxxxxxxxxxxxxxxxx)
- Recipient URL = The recipient URL provided by Tenable (as listed above)
- Destination URL = The destination URL provided by Tenable (as listed above)
- Audience Restriction (SP Entity ID) = set to NessusCloud
- Check whether the NameID parameter is set to Unspecified. This sometimes works initially because the default was “user.email”, but in some cases it may need to be reconfigured:
  - Choose the NameID format and the application username sent to your application in the SAML response (for example, EmailAddress and Email).
  - In the Attribute Statements (optional) section, type the SAML attributes to be shared with your application. For example:

    | Name (in SAML application) | Value (in Okta profile) |
    | --- | --- |
    | FirstName | user.firstName |
    | LastName | user.lastName |
    | Email | user.email |
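The following added example (not Tenable or Okta code) compares a decoded SAML response, such as one captured from the browser during a failed login, against the settings listed above. The `check_response` helper and the sample XML are constructed for illustration; the script only inspects fields and does not validate the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
# Placeholder from the example above; substitute the URL Tenable provided.
ACS = "https://fedcloud.tenable.com/saml/login/xxxxxxxxxxxxxxxxxxxxx"

def check_response(xml_text, acs_url=ACS, audience="NessusCloud",
                   nameid_format=FMT + "emailAddress"):
    """List the settings in a decoded SAML response that differ from those expected."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient URL")
    aud = root.findtext(".//a:AudienceRestriction/a:Audience", "", NS)
    if aud.strip() != audience:
        problems.append("Audience Restriction")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != nameid_format:
        problems.append("NameID format")
    # Names are matched exactly; an attribute with an empty value counts as missing.
    sent = {a.get("Name"): a.findtext("a:AttributeValue", "", NS).strip()
            for a in root.iterfind(".//a:Attribute", NS)}
    problems += [f"attribute {n}" for n in ("FirstName", "LastName", "Email")
                 if not sent.get(n)]
    return problems

# Constructed sample response (unsigned, trimmed to the fields checked here).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
 <a:Assertion><a:Subject>
   <a:NameID Format="{fmt}">jdoe@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{aud}</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="FirstName"><a:AttributeValue>Jane</a:AttributeValue></a:Attribute>
   <a:Attribute Name="LastName"><a:AttributeValue>Doe</a:AttributeValue></a:Attribute>
   <a:Attribute Name="Email"><a:AttributeValue>jdoe@example.com</a:AttributeValue></a:Attribute>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    good = SAMPLE.format(acs=ACS, fmt=FMT + "emailAddress", aud="NessusCloud")
    print(check_response(good))  # []
```

An empty list means the response matches the expected settings; each entry otherwise names the Okta field to revisit.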
For more information on Okta IDP configuration, see the following resources: