Okta Integration Network

Configure SAML SSO with Okta

Let your team sign in to RansomLeak with their Okta credentials. RansomLeak is the Service Provider; Okta is the Identity Provider.

Last updated June 2026

Prerequisites

  • Admin access to your RansomLeak tenant
  • Okta super admin or app admin rights
  • Okta email matches each user's RansomLeak email

Your tenant is reachable at https://<your-subdomain>.ransomleak.com. Replace <your-subdomain> with your own subdomain throughout this guide.

Supported features

  • SP-initiated SSO
  • IdP-initiated SSO
  • Just-In-Time user matching
  • Single Logout (SLO)
  • Force authentication
  • SHA-256 signed assertions

RansomLeak requires SHA-256 signed assertions. SHA-1 is not supported.

Before you enable SAML

Once SAML is enabled for your tenant, your users authenticate through Okta. If you need to turn SAML off temporarily, contact RansomLeak support and we will disable it for your tenant.

Configuration steps

RansomLeak provisions SAML per tenant. You add the RansomLeak app in Okta, then send us your Okta IdP metadata so we can configure the Service Provider side for your tenant.

  1. Add the RansomLeak app from the Okta Integration Network catalog and assign it to your test users or groups.

  2. Open the RansomLeak app's Sign On tab and copy these IdP values:

    • Identity Provider SSO URL
    • Identity Provider Issuer
    • X.509 Signing Certificate
  3. Send those three values to support@ransomleak.com and ask us to enable SAML SSO for your tenant. We configure the SP side and confirm when it is live. The SP endpoints for your tenant are:

    ACS URL:    https://<your-subdomain>.ransomleak.com/api/auth/saml/callback
    Entity ID:  https://<your-subdomain>.ransomleak.com
    Metadata:   https://<your-subdomain>.ransomleak.com/api/auth/saml/metadata
  4. In Okta, set the Application username format to Email.

Attribute mapping

The SAML NameID must be the user's email address (emailAddress format). RansomLeak reads the following attributes from the assertion:

    Name         Value
    email        user.email
    firstName    user.firstName
    lastName     user.lastName

Role mapping (optional). RansomLeak can map a SAML attribute to a tenant role. To drive roles from Okta, include a role or group attribute and tell us which attribute to map.

SP-initiated sign-in

  1. Go to your RansomLeak sign-in page:

    https://<your-subdomain>.ransomleak.com/app/login
  2. Choose Sign in with SSO. You are redirected to Okta.

  3. After you authenticate with Okta, you land back on the RansomLeak dashboard.

Troubleshooting

    Symptom                                Fix
    Redirect loop or "invalid audience"    Confirm the Entity ID / Audience value matches what Okta sends.
    "User not found"                       The Okta email must match the user's RansomLeak account email.
    Signature errors                       Confirm Okta is signing with SHA-256, not SHA-1.
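
The checks in the table above can be run against a SAMLResponse captured from your own test sign-in. The following Python is an added example, not RansomLeak or Okta code: the function names, the `acme` subdomain and the sample response are assumptions, and only RSA-SHA256 is treated as an acceptable signature method. It reads the values the response declares and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SHA256_SIG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1_SIG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

def check_saml_response(b64_response, subdomain, expected_email):
    """Return a list of findings; an empty list means none of the checked values is off.
    Diagnostic only: it reads declared values and does NOT verify the signature."""
    entity_id = f"https://{subdomain}.ransomleak.com"
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    sig = [e.get("Algorithm") for e in root.iterfind(".//ds:SignatureMethod", NS)]
    dig = [e.get("Algorithm") for e in root.iterfind(".//ds:DigestMethod", NS)]
    if not sig:
        findings.append("no signature present")
    elif any(a != SHA256_SIG for a in sig) or any(d != SHA256_DIGEST for d in dig):
        findings.append("signature or digest algorithm is not SHA-256")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:
        findings.append(f"audience {audiences} does not contain {entity_id}")
    name_id = root.find(".//a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        findings.append("NameID is not in emailAddress format")
    elif (name_id.text or "").strip() != expected_email:
        findings.append("NameID differs from the RansomLeak account email")
    names = {e.get("Name") for e in root.iterfind(".//a:Attribute", NS)}
    missing = sorted({"email", "firstName", "lastName"} - names)
    if missing:
        findings.append(f"missing attributes: {missing}")
    return findings

def constructed_sample(sig_alg, audience):
    """Constructed test input (not a real Okta response); 'acme' is a placeholder."""
    xml = f"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}"><a:Assertion>
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>
 <ds:Reference><ds:DigestMethod Algorithm="{SHA256_DIGEST}"/></ds:Reference>
 </ds:SignedInfo></ds:Signature>
 <a:Subject><a:NameID Format="{EMAIL_FMT}">alice@example.com</a:NameID></a:Subject>
 <a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>
 </a:AudienceRestriction></a:Conditions>
 <a:AttributeStatement><a:Attribute Name="email"/><a:Attribute Name="firstName"/>
 <a:Attribute Name="lastName"/></a:AttributeStatement></a:Assertion></p:Response>"""
    return base64.b64encode(xml.encode())
```

Pass the base64 value of the `SAMLResponse` form field as the first argument, and treat the captured response as sensitive because it carries user identity data.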

Need a hand?

Email support@ransomleak.com and we will help you connect Okta to your tenant.
