Qualys SAML and OKTA Integration
This article describes the typical Okta IdP SSO-initiated SAML 2.0 integration with Qualys.
Ensure that you create a New App for Qualys, and avoid using a Community Created App. When
sending the SAML assertion response to Qualys, you can use SHA1 or SHA256 as the signing
algorithm. If you are doing an SP-initiated SSO SAML 2.0 integration, leave the Default Relay
State field blank.
Click here for complete information on Qualys SAML Support.
To configure Okta for SSO integration with Qualys:
1. Log in to Okta.
2. Click Applications.
3. Select Create App Integration.
4. Select SAML 2.0.
Copyright 2023 by Qualys, Inc. All Rights Reserved.
5. Follow the on-screen instructions to configure your SSO application.
Below is an example of the configuration for AU POD1:
Attribute: Value

Single Sign on URL:
  US Platform 1 (username: xxxx_xx): https://qualysguard.qualys.com/IdM/saml2/
  US Platform 2 (username: xxxxx2xx): https://qualysguard.qg2.apps.qualys.com/IdM/saml2/
  US Platform 3 (username: xxxxx3xx): https://qualysguard.qg3.apps.qualys.com/IdM/saml2/
  EU Platform 1 (username: xxxxx-xx): https://qualysguard.qualys.eu/IdM/saml2/
  EU Platform 2 (username: xxxxx5xx): https://qualysguard.qg2.apps.qualys.eu/IdM/saml2/
  IN Platform 1 (username: xxxx8xx): https://qualysguard.qg1.apps.qualys.in/IdM/saml2/
Audience URI (SP Entity ID): QualysGuard_SharedPlatform-SAML20-SP
Default RelayState:
  Blank in case of SP initiated SSO.
  idm_key in case of IDP initiated SSO: idm_key=saml2_xxxxxxxxxx (the same key as contained in the unique URL for SP initiated SSO)
Name ID format: Unspecified
Application Username: Okta username
Response: Signed
Assertion Signature: Signed
Signature Algorithm: RSA SHA1/SHA2
Digest Algorithm: SHA1
Assertion Encryption: unencrypted
Enable Single Logout: Depending on user requirements
Authentication context class: Password Protected Transport
Request Compression: Compressed
Honor Force Authentication: Yes
SAML Issuer ID: http://www.okta.com/$(org.externalKey)
ATTRIBUTE STATEMENTS (OPTIONAL): This is a mandatory field for successful authentication.
  Name: qualysguard_external_id
  Name format: Basic
  Value: user.email
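The following structural pre-check compares a decoded SAML response from Okta with the values in the configuration above. It is an added example, not Qualys or Okta code. It assumes Okta sends the Single Sign on URL as the Response Destination, runs on a constructed sample response, and does not verify the XML signatures themselves.

```python
# Added example: checks structure only; signature verification is out of scope here.
import xml.etree.ElementTree as ET  # fine for this constructed sample; use defusedxml on untrusted XML

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
AUDIENCE = "QualysGuard_SharedPlatform-SAML20-SP"  # Audience URI (SP Entity ID) from the page
HOSTS = ("qualysguard.qualys.com", "qualysguard.qg2.apps.qualys.com", "qualysguard.qg3.apps.qualys.com",
         "qualysguard.qualys.eu", "qualysguard.qg2.apps.qualys.eu", "qualysguard.qg1.apps.qualys.in")
SSO_URLS = tuple(f"https://{h}/IdM/saml2/" for h in HOSTS)  # Single Sign on URLs from the page
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

def check_response(xml_text):
    """Return a list of mismatches against the page's settings; an empty list means a match."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element"]
    problems = []
    # Assumption: Okta uses the Single Sign on URL as the Response Destination.
    if not root.get("Destination", "").startswith(SSO_URLS):
        problems.append("Destination is not a listed Qualys Single Sign on URL")
    if assertion.findtext(".//a:Audience", namespaces=NS) != AUDIENCE:
        problems.append("Audience does not match the SP Entity ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != UNSPECIFIED:
        problems.append("NameID format is not Unspecified")
    attr = assertion.find(".//a:Attribute[@Name='qualysguard_external_id']", NS)
    value = "" if attr is None else (attr.findtext("a:AttributeValue", "", NS) or "").strip()
    if attr is None or attr.get("NameFormat") != BASIC or not value:
        problems.append("qualysguard_external_id attribute missing, empty, or not Basic format")
    for label, node in (("Response", root), ("Assertion", assertion)):
        if node.find("ds:Signature", NS) is None:  # the page requires both to be signed
            problems.append(f"{label} is not signed")
    return problems

# Constructed sample (simplified; the signature elements are empty placeholders).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="https://qualysguard.qg2.apps.qualys.com/IdM/saml2/">
 <ds:Signature/>
 <a:Assertion><ds:Signature/>
  <a:Subject><a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.com</a:NameID></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>QualysGuard_SharedPlatform-SAML20-SP</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="qualysguard_external_id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
   <a:AttributeValue>jdoe@example.com</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "sample matches the documented settings")
```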
Last updated: August 16, 2024