Configure SAML with Okta

Set up

You can configure VirusTotal to use SAML with Okta. These are the recommended steps for this set-up:

  1. In the Okta Admin Panel, go to the Applications tab:
     [Screenshot: Okta Administration Panel]
  2. In the Applications tab, click “Create App Integration”:
     [Screenshot: Okta Create APP]
  3. Select “SAML 2.0”:
     [Screenshot: Okta Create APP choose SAML]
  4. Provide an app name and a logo:
     [Screenshot: Okta General Settings]
  5. Fill in the following fields:
    • Single sign on URL:
      https://virustotalcloud.firebaseapp.com/__/auth/handler
    • Audience URI: You can use any string you want as “Audience URI” as long as it is exactly the same in VirusTotal and in Okta. Alternatively, you can enter the Single sign on URL mentioned above.
    • Name ID: “EmailAddress”
    • Application username: “Email”
    • Leave all other fields with their default values:
     [Screenshot: Okta SSO URL]
  6. Once you have finished, your configuration should look like this. Click the “View Setup Instructions” button:
     [Screenshot: Okta Setup Instructions]
  7. You should see something like this:
     [Screenshot: Okta]
  8. Copy those values into your VirusTotal group configuration, available at https://www.virustotal.com/gui/group/GROUP_NAME/settings, and click “Save SSO data”:
     [Screenshot: Okta VT group settings]
  9. Copy the URL in the “VirusTotal sign-in URL” section and use it to configure a bookmark app that will launch the sign-in process.
     [Screenshots: Okta Copy URL, Okta Add Bookmark]
  10. Your users must use the bookmark app to log in to VirusTotal. Make sure the SAML app is hidden from them:
     [Screenshot: Okta Hide Icon]

Troubleshooting

This section aims to provide steps to solve the most common issues when setting up a SAML configuration.

  • Unable to Process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared: Check that the reply URL is configured correctly in your IdP configuration.

  • Pop up blocked: The sign-in dialog opens in a popup, so you need to explicitly allow virustotal.com to open popups.

  • Response mismatch: The field "identity provider issuer" must be a URL to your SAML provider.

  • Error: app_not_configured_for_user: Specifically when configuring SAML using Google Workspace. This error occurs when attempting to log into signin.blackbaud.com using a BBID enabled Google account while another Google account is already signed in to the browser.

  • User is not assigned to this application.: Contact your group administrators so they can add you to the user list on Okta.
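
A pre-flight check for the values used in the set-up steps and for the “Response mismatch” item above, as an added example that is not VirusTotal's or Okta's own code. It assumes you have the IdP metadata XML for the Okta app; the function names, the sample metadata and the audience strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Single sign on URL from step 5 of this page.
VT_SSO_URL = "https://virustotalcloud.firebaseapp.com/__/auth/handler"
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: tenant host, app id and certificate are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkPLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/placeholder/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def read_idp_metadata(xml_text):
    # Only feed this metadata exported from your own IdP, not untrusted XML.
    root = ET.fromstring(xml_text)
    sso = root.find(".//md:SingleSignOnService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    formats = [e.text.strip() for e in root.findall(".//md:NameIDFormat", NS) if e.text]
    return {"issuer": root.get("entityID", ""),
            "sso_url": sso.get("Location", "") if sso is not None else "",
            "nameid_formats": formats,
            "certificate": "".join(cert.text.split()) if cert is not None and cert.text else ""}

def is_url(value):
    parts = urlparse(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def check_setup(idp, okta_sso_url, okta_audience, vt_audience):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if okta_sso_url != VT_SSO_URL:
        problems.append("Single sign on URL in Okta differs from the VirusTotal handler URL")
    if okta_audience != vt_audience:
        problems.append("Audience URI is not exactly the same in Okta and VirusTotal")
    if not is_url(idp["issuer"]):
        problems.append("identity provider issuer is not a URL (Response mismatch)")
    if not any(f.endswith(":emailAddress") for f in idp["nameid_formats"]):
        problems.append("IdP metadata does not offer the EmailAddress Name ID format")
    if not idp["certificate"]:
        problems.append("no signing certificate found in the IdP metadata")
    return problems
```

Both comparisons are exact string matches, so a trailing slash or a change of case in the Audience URI is reported as a mismatch.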

If you still need assistance, contact our support team and attach the SAML XML configuration.