
Setting up Okta


Last updated 2 months ago

Pynt supports authentication through an external identity provider (IdP) such as Okta. This lets organizations that use Okta control how their employees access Pynt and removes the need to manage a separate set of Pynt credentials.

The high-level steps to set up SSO (Single Sign-On) with Okta are:

  1. Add Pynt as an application in Okta

  2. Set up SSO in Pynt

  3. Add users to the Pynt application in Okta

Requirements

  • Verify you have administrator privileges for your Okta instance. Your role should include Application Administration (see Okta's documentation).

  • Verify you are an admin on Pynt and your organization has an active Enterprise license.

Step 1: Add Pynt as an application in Okta

Pynt supports only SP (Service Provider) initiated login, so we'll add both a hidden SAML application and a visible Bookmark app that points to Pynt's login page.

Add a SAML app

  1. Go to Okta's Admin Console, then Applications > Applications. Click Create App Integration, select SAML 2.0 as the Sign-in method and click Next.

  2. Choose Pynt SAML for the App Name, and check Do not display application icon to users.

  3. In the Configure SAML screen, fill in the SAML settings with the values shown in the Single Sign-On (SSO) section of Pynt's settings page (Okta field - Pynt value):

    • Single sign-on URL - Assertion Consumer Services (ACS) URL

    • Audience URI (SP Entity ID) - Audience

    • Name ID Format

    • Application Username

  4. Fill out the Attribute Statements:

    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname - user.firstName

    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname - user.lastName

    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress - user.email

  5. In the Feedback screen, you can fill in the feedback or skip it (by clicking Finish).

  6. In the new app's Sign On tab, open the Metadata URL and save its contents as metadata.xml (or a similar name) on your computer (we'll use it in Step 2).

Create a Bookmark App

  1. Go to Okta's Admin Console, then Applications > Applications. Click Browse App Catalog and search for Bookmark App. Click on Add Integration.

  2. Choose an Application Label (e.g., Pynt) and enter https://app.pynt.io/login as the URL.

Step 2: Set up SSO in Pynt

Mail the metadata.xml file saved in the first step to support@pynt.io and ask to finalize the setup on Pynt's side.

If you want to restrict sign-in to specific domains for your organization (such as @company.com), include the list of those domains in your request.

(Optional) Step 3: Assign roles to users

Pynt supports just-in-time role assignment: the user's role is passed as a SAML attribute (role) during login.

  1. Search for the Pynt SAML profile in the Directory -> Profile Editor page. Add an attribute of type string with the enumerated values user and admin, and save it.

  2. Once saved, head to the Pynt SAML application page and click Edit on the SAML Settings.

  3. Move to the Configure SAML step by clicking Next. Under Attribute Statements add a new attribute named role that maps to appuser.role (the suffix after appuser. must match the name of the attribute you added to the profile in the previous step). Continue and save the changes.

  4. When assigning users, you can choose which role to assign (the default in Pynt is user unless a role is explicitly assigned).

Step 4: Assign users to the Pynt application in Okta

Because this setup includes both a hidden SAML application and a visible Bookmark app, the easiest approach is to create a new group for Pynt users, assign both apps to that group, and then add users to the group as needed.

(Screenshot: How your employees will see the bookmark)

Read more about user management in User Management.
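As an added example (not part of the Pynt documentation, and not Pynt's or Okta's code), the Python script below audits the two artefacts the steps above produce before you mail metadata.xml: it parses an Okta IdP metadata.xml such as the one saved in Step 1 (entityID, HTTP-POST SSO URL, NameID format, signing certificate) and checks a SAML AttributeStatement for the three claims mapped in Step 1 and the optional role attribute from Step 3, applying Pynt's default of user when the attribute is absent and flagging values outside user and admin. The metadata document, the assertion, the Okta hostname, the entityID and the certificate value are constructed placeholders; the script inspects configuration content only and does not verify XML signatures.

```python
import xml.etree.ElementTree as ET

# Added example, not Pynt's or Okta's code. Audits an Okta IdP metadata.xml
# (Step 1, item 6) and a SAML AttributeStatement against the claims mapped in
# Step 1 (item 4) and the optional role attribute from Step 3. It checks
# configuration content only; XML signature verification is out of scope.

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Claim names exactly as entered in Okta's Attribute Statements (Step 1, item 4).
CLAIMS = {
    "first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "last_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}
ROLE_ATTR = "role"                 # optional JIT role attribute (Step 3)
ALLOWED_ROLES = {"user", "admin"}  # the enumerated values set in the profile
DEFAULT_ROLE = "user"              # Pynt's default when no role is passed

# Constructed sample shaped like Okta IdP metadata; hostname, entityID and the
# certificate are placeholders, not real values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLEIDPID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER_BASE64_CERT</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLEIDPID/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed (unsigned) assertion as Okta would issue it with the mappings above.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://www.okta.com/exkEXAMPLEIDPID</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>ada@company.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
ROLE_LINE = '<saml:Attribute Name="role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>'
SAMPLE_ASSERTION_NO_ROLE = SAMPLE_ASSERTION.replace(ROLE_LINE, "")   # Step 3 not done
SAMPLE_ASSERTION_BAD_ROLE = SAMPLE_ASSERTION.replace(">admin<", ">superuser<")


def parse_idp_metadata(xml_text):
    """Extract what a relying party needs from IdP metadata; raise if malformed."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.get("entityID") is None or idp is None:
        raise ValueError("not an IdP EntityDescriptor")
    certs = []  # KeyDescriptor with use="signing", or without a use attribute (= both)
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            certs += [(c.text or "").strip() for c in
                      kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == HTTP_POST]
    if not certs or not sso or not sso[0].startswith("https://"):
        raise ValueError("metadata lacks a signing certificate or an https HTTP-POST SSO URL")
    fmt = idp.findtext("md:NameIDFormat", default="", namespaces=NS).strip()
    return {"entity_id": root.get("entityID"), "sso_url": sso[0],
            "name_id_format": fmt, "signing_certs": len(certs)}


def extract_attributes(assertion_xml):
    """Return (issuer, {attribute Name: [values]}) from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    attrs = {}
    for a in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [(v.text or "").strip()
                                for v in a.findall("saml:AttributeValue", NS)]
    return issuer, attrs


def audit_login(metadata_xml, assertion_xml):
    """Return (identity as Pynt would see it, list of configuration problems)."""
    idp = parse_idp_metadata(metadata_xml)
    issuer, attrs = extract_attributes(assertion_xml)
    problems, identity = [], {}
    if issuer != idp["entity_id"]:
        problems.append(f"issuer {issuer!r} does not match metadata entityID")
    for field, claim in CLAIMS.items():
        values = attrs.get(claim, [])
        if len(values) == 1 and values[0]:
            identity[field] = values[0]
        else:
            problems.append(f"claim {claim} missing or not single-valued")
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        identity["role"] = DEFAULT_ROLE  # attribute absent: Pynt falls back to user
    elif len(roles) == 1 and roles[0] in ALLOWED_ROLES:
        identity["role"] = roles[0]
    else:
        problems.append(f"role {roles!r} is not one of {sorted(ALLOWED_ROLES)}")
    return identity, problems


if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
    for sample in (SAMPLE_ASSERTION, SAMPLE_ASSERTION_NO_ROLE, SAMPLE_ASSERTION_BAD_ROLE):
        print(audit_login(SAMPLE_METADATA, sample))
```

To run it against your own download, replace SAMPLE_METADATA with the contents of the metadata.xml saved in Step 1; a non-empty problems list from audit_login points at a claim name or profile attribute that does not match what was configured in Okta.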