NS1 supports SAML 2.0 single sign-on (SSO) for the NS1 portal (https://my.nsone.net) for organizations using Okta as their Identity Provider (IdP). This guide includes instructions for implementing a custom enterprise application with SAML SSO enabled for your organization.
An administrative user creates account users and teams in the NS1 portal, and then authentication occurs via the Okta platform. The integration allows you to add the NS1 application to your organization’s existing SSO solution for added network security and simplified user management.
NS1 supports logins initiated by both the Identity Provider (IdP) or the Service Provider (SP).
-
IdP-initiated login allows users to log in to Okta, and then select the NS1 application to log into the NS1 portal.
-
SP-initiated login allows users to select an SSO option on the login page for the NS1 portal (my.nsone.net).
Once Okta SSO is enabled for your organization, all NS1 portal users associated with your account will be able to access the NS1 portal via Okta or by selecting the SSO option on the NS1 portal login page.
An SSO ID is a unique identifier for an NS1 organization. It is required to configure the NS1 application in Okta. Contact NS1 customer support by submitting a ticket or emailing support@ns1.com to request an SSO ID.
The encryption certificate is used to encrypt the SAML information that is sent to NS1. The certificate is available in Step 1 of Okta's How to Configure SAML 2.0 For NS1 guide.
-
Log into the Okta portal, and then select the Classic UI view from the drop-down list.
-
Click Applications in the sub-navigation.
-
Click Add Application.
-
Type “NS1” in the search bar, and click the NS1 application from the list.
-
Click Add.
-
Under General Settings, enter the SSO ID provided to you by NS1.
-
Click Done.
-
In the Okta portal, navigate to the NS1 application settings, and select Sign On settings from the subnavigation.
-
Copy the link to Identity Provider metadata.
-
Send the link to the identity provider metadata to NS1 via a support ticket or emailing support@ns1.com.
Note
When submitting the support ticket, please include the projected date by which you want to activate Okta SSO on your account. Full NS1 + Okta SSO activation should happen only after you’ve completed the steps in this guide — including initial user mappings. See Step 6 for details.
-
Confirm that the following Audience URI is displayed under General Audience URI (SP Entity ID): https://api.nsone.net/saml/sso/metadata
-
In the Okta portal, navigate to the NS1 application settings and select Sign On from the sub-navigation.
-
Next to Encryption Certificate, click Browse and select the certificate file you saved in Step 2.
-
ClickUpload.
An account administrator must configure user mapping based on usernames or email addresses. First, you will need to identify the format of usernames in your account—either a basic text string (ex. jdoe33) or an email address (jdoe33@example.com). This is indicated by the left-most column in the list of NS1 account users.
-
In the NS1 portal, navigate to Account Settings >Users & Teams.
-
Click the Users tab to see a list of all users associated with your account.
-
Refer to the left-most column (“User” column) to verify the username format.
Example A: List of users with basic username type
Example B: List of users with email username type
-
In the Okta portal, navigate to the NS1 application details page, and click Assignments tab.
-
Click Assign to add people or groups from your organization to the NS1 application.
-
Next to User Name, enter a username exactly as it appears in the NS1 portal.
If your NS1 organization uses email format usernames, you must enter the user’s entire email address in the Edit User Assignment screen.
Once you’ve completed the steps in this guide, submit a support ticket to let us know you are ready to activate the Okta integration. Once we’ve enabled SSO, users will only be able to log in via the NS1 app in the Okta platform. When reaching out, please let us know the date and time at which you would like to fully activate SSO.
Once setup is complete, NS1 recommends that you test the SSO configuration to ensure you and your users can log into the NS1 portal via SSO.
-
Navigate to the NS1 portal login page (https://my.nsone.net/#/login).
-
Click Log in with SSO.
-
Enter your NS1 account username, and click Log in with SSO.
-
After being redirected, enter your Okta login credentials, and click Sign In.
You are now logged into the NS1 portal.
-
Log into the Okta portal (https://<company_url>.okta.com/app/UserHome), and click the NS1 application from the list.
You are now logged in and redirected to the NS1 portal (http://my.nsone.net).
-
If an individual user experiences issues logging in, verify that you have accurately mapped the Okta username to the NS1 username (refer to Step 5).
-
Contact NS1 support by submitting a ticket or emailing support@ns1.com for help with the implementation process.