Configure SAML with Okta
Set up
You can configure VirusTotal to use SAML with Okta. These are the recommended steps for this set-up:
- In the Okta Admin Panel, go to the Applications tab:

- In the Applications tab, click on “Create App Integration”

- Select “SAML 2.0”:

- Provide an app name and a logo:

- Fill the following fields with the following information:
- Single sign on URL:
https://virustotalcloud.firebaseapp.com/__/auth/handler - Audience URI: You can use any string you want as “Audience URI” as long as it's exactly the same in VirusTotal and in Okta. Alternatively, you can also introduce the Single sign on URL mentioned above
- Name ID: “EmailAddress”
- Application username: “Email”
- Leave all other fields with their default values:
- Single sign on URL:

- Once your configuration is finished, this is how your configuration should look. Click on the “View Setup Instructions” button:

- You should see something like this:

- Copy those values in your VirusTotal’s group configuration available at https://www.virustotal.com/gui/group/GROUP_NAME/settings and click on Save SSO data:

- Copy the URL at the “VirusTotal sign-in URL” section and use it to configure a bookmark app that will launch the sign-in process.


- Your users must use the bookmark app to login into VirusTotal. Make sure the SAML app is hidden for them:

Troubleshooting
This section aims to provide steps to solve the most common issues when setting up a SAML configuration.
-
Unable to Process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared: Check the reply URL is configured correctly on your IdP configuration.
-
Pop up blocked: The signin dialog opens in a popup, so you need to explicitly allow virustotal.com to open popups.
-
Response mismatch: the field "identity provider issuer" must be an URL to your SAML provider.
-
Error: app_not_configured_for_user: Specifically when configuring SAML using Google Workspace. This error occurs when attempting to log into signin.blackbaud.com using a BBID enabled Google account while another Google account is already signed in in the browser
-
User is not assigned to this application.: Contact your group administrators so they can add you to the user list on Okta.
If you still need assistance, contact our support team attaching the SAML XML configuration.
Updated 24 days ago