Integrating Okta IdP with Secret Server
Third-party vendors create and maintain this integration. Delinea does not guarantee that the integration will work properly or that it respects Delinea product limitations. Delinea has not reviewed this integration and Delinea Support staff can only assist with the Delinea side of setup.
This integration enables you to access Secrets using your Okta credentials, eliminating the need for separate login credentials. This streamlines access to Secret Server, enhancing productivity while maintaining security. Secret Server supports SAML Identity Provider (IdP) authentication for single sign-on (SSO) in place of its usual login process. In this setup, Secret Server acts as a SAML Service Provider (SP) and interacts with any configured SAML IdP. By integrating Okta with Secret Server, organizations centralize user authentication and access control for Secret Server using Okta as the identity provider.
Sometimes SAML validates even though the IdP certificate has expired. This is because the SAML certificate exchange is really a key exchange: the SAML protocol uses the public/private key pair contained in the certificate to secure the communication. Unlike a website's certificate, it is not the URL or other metadata in the certificate that secures the connection, only the key. If the certificate provided by the IdP has been renewed and still works without any change in Secret Server, the key is identical and only the metadata, such as the expiration date, has changed. That is why validation does not fail: the key is what validation uses, and it has not changed. Had the key changed, Secret Server would not be able to validate or decrypt the SAML messages, and authentication would fail. Delinea does not view this as a security problem and offers this note for clarification.
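The key-versus-metadata point above, as an added Go example that is not Secret Server's or Okta's code: it signs a constructed assertion with one IdP key and checks the signature against an expired certificate, a renewed certificate carrying the same key, and a certificate for a rotated key, then separately checks the expiry date. The helpers selfSigned, VerifyWithCert and Demo and the sample assertion are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// selfSigned wraps key in a self-signed certificate valid from notBefore to
// notAfter. Hypothetical helper standing in for the IdP's metadata certificate.
func selfSigned(key *rsa.PrivateKey, notBefore, notAfter time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above; parsing cannot fail
	return cert
}

// VerifyWithCert does what the SP does with the certificate from IdP metadata:
// pull out the public key and check the signature. NotAfter and subject play no part.
func VerifyWithCert(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	h := sha256.Sum256(msg)
	return ok && rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// Demo signs a constructed assertion with the IdP key and checks it against an expired
// cert, a renewed cert with the same key, and a cert for a rotated key.
// It returns (expiredOK, renewedOK, rotatedOK, expiredIsPastNotAfter).
func Demo() (bool, bool, bool, bool) {
	idpKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	newKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	expired := selfSigned(idpKey, now.AddDate(-2, 0, 0), now.AddDate(-1, 0, 0))
	renewed := selfSigned(idpKey, now.AddDate(0, -1, 0), now.AddDate(1, 0, 0))
	rotated := selfSigned(newKey, now.AddDate(0, -1, 0), now.AddDate(1, 0, 0))
	assertion := []byte("<saml:Assertion>constructed sample</saml:Assertion>")
	h := sha256.Sum256(assertion)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, idpKey, crypto.SHA256, h[:])
	return VerifyWithCert(expired, assertion, sig), VerifyWithCert(renewed, assertion, sig),
		VerifyWithCert(rotated, assertion, sig), now.After(expired.NotAfter)
}
```

The expired and renewed certificates both verify because they carry the same key, while the rotated key fails; whether an SP should additionally reject a certificate past NotAfter is a separate policy check, shown by the last return value.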