Sign into Okta> Admin>Applications
Add Application> search “Kaseya” > Add
- For “Kaseya Host” enter the domain name that your Kaseya server is on. This will be the domain portion of the URL you would normally go to, to log into your Kaseya Server.
- Click “Next”
Assign people to the application, Click Next
- Click Done
Select “Sign On” at the top menu
- Select “Edit” in the Settings area
Add the “Default Relay State” as “http://[kaseyahost]/vsapres/web20/core/ssologin.aspx”
Click the “View Setup Instructions” button
On the window that opens, scroll down until you see the “x.509 Certificate” area and click the link to download the Certificate in *.cert format.
- Open the folder where the Certificate downloaded to, and rename the extension from “cert” to “cer”.
- Close the Window
The default “Credential Details” are configured to use the “Okta Username” which pertains to the Email address. As long as the email address exists in Kaseya as the Username for the user, the Okta integration will function.
Steps for Kaseya Configuration:
- Log into Virtual System Administrator R9.1 - newer
- Select the AuthAnvil Module > Configure AuthAnvil Settings
- Select - I would like to configure Two Factor Auth Only.
- Select Begin.
Note: See this article if you would like to add both the Logon protection and the Password Server integration.
- Next Enter the SAS URL for your AuthAnvil Server.
Note: Your SAS URL will be https://kaseya.my.authanvil.com/AuthAnvil/SAS.asmx
- Define a White listed User that will not require Two Factor Authentication.
- Select Verify Settings.
- Once you see the settings are valid select Next.
- Now that you have the logon protection configured you can select Finish to apply the settings.
You should now see the same logon prompt when a user that is required to use 2FA logs in.
This will now allow you to configure the module to accept SAML Access from OKTA
- Log back into VSA.
- Select AuthAnvil.
- Select Configure Kaseya Logon.
- In Kaseya Single sign on area at bottom, Upload the Certificate (*.cer file) that was downloaded from Okta.
- Set the Reply to URL to:
(https://[sub-domain for the Kaseya server]/vsapres/web20/core/ssologin.aspx)
Select the “Enable Sign Sign On to Kaseya” check box.
Select Save changes.
Test Single Sign on from Okta.