# Okta Org2Org Integration

## Overview

This integration enables members of your team to seamlessly authenticate into the Threatrix app with granted permissions. 

This integration requires a 3-step process

* [Create org2org app](#step-1-create-an-org2org-app): The customer configures Threatrix org2org integration in their Okta account
* [Threatrix IdP setup](#step-2-threatrix-idp-setup): Necessary credentials are provided to Threatrix to complete customer integration with Okta.
* [Complete Setup](#step-3-complete-org2org-setup): The customer completes org2org integration configuration

The total setup and configuration time is **approximately 20 minutes**. 

## Step 1: Create an Org2Org app

\
Login to your Okta administration console and navigate to Applications->Applicatons. Click Brows App Catalog

<figure><img src="https://lh4.googleusercontent.com/liwXtkIJWe3dAiiwkit_9nG6lc2fFl2hS_Wi9ZWWSjgBfpF1PWeKqJnnYH70vLUjnLSBYUp1gs0mjWdKupA7mIAmAIJ2zFwQXXOHIe_mnnnVYVBptuWRjDSFJU4QLbFVy4U5wchjwx-yHU_mEK-E3a4" alt=""><figcaption></figcaption></figure>

Select or search "org2org"

<figure><img src="https://lh6.googleusercontent.com/T9LEruG71q7EtwsPEcy-NVt16lVDFVM_0V76WKuIQbLvV0-O9uOiUZvYUmgVM-GSe7mAag5HhPZpmRO1OLlRPGO_quKQMImOmfP0j_1QKhob2flqWH9MFQxBCepdJt35kTw8xj1_MP7MtsmbEcJW7D4" alt=""><figcaption></figcaption></figure>

Click "Add Integration"

<figure><img src="https://lh6.googleusercontent.com/yoPbrirBjRpmUbxiX7jqxfdMN2585bZReScg34a4lLQFB6Xu5fTtxMMhfiVYdApI8_J45jpN-gFLshc1NPfP2KZRFKB255imnZvoXBN1fBnPznu0jBUNimLGvIuErl9sAZ9f9Dj0IOS7R-HYHAAEwL0" alt=""><figcaption></figcaption></figure>

Give the integration a name. “Threatrix Integration (Org2Org)” for example.\
Input <https://dev-41321907.okta.com> into Base URL field.\
Leave other fields default and proceed.

<figure><img src="https://lh5.googleusercontent.com/Alkviy2TUPtp9035Dc8twzqQgHZum7p4cB3ru12PcwbFz5eI6Is2xl3bmY13BRFezOHxk4A13189Q6Ikon3mw85lLb96DzMV57x1eAZeQVfcXAoYz7kIMz9PJQhTgCZRO8UhbHrBK8KaD-2RqK-l7Bk" alt=""><figcaption></figcaption></figure>

On the next page select SAML 2.0

<figure><img src="https://lh3.googleusercontent.com/V3fJiBg2-8xb1PqWfWs_42ExitDPGTikXWuT_YoEQhLHve5CNBHTFSbSu2YC3h8H80lObye7CPS0bvSZkjZXXQiZ__VOBR9gt8rWvAWwM7plc1Qwg_D9vKL2NocwxYqjDZy42_5iFnsbio6Py6SzV5E" alt=""><figcaption></figcaption></figure>

Scroll down and click “Setup Instructions”

<figure><img src="https://lh5.googleusercontent.com/bVYKuyMgZd9HTz_Ud6YUt6hFWXNuhnnpEur8XOuAQTThLOUjwk7lf9GeBxD8lUDO-e0jCf8tbZTRVRNF8T3p0H2xzSYGCB5uYgVhn6S3LIMlhz8Ti2fqOpC8huvXpVCdMxI4aBOTeYo0B0Z10rP6i_Y" alt=""><figcaption></figcaption></figure>

On the page which just has opened navigate to step 6. Copy and save “IdP Issuer URI”, “IdP Single Sign On URL” and download the certificate.&#x20;

<figure><img src="https://lh5.googleusercontent.com/iCNYjD0-qzUQeY0_58rKvLM47KDYt5VpNk9bknQMf--Xq2DmwvJCjgqdEgchTU4rxjuH4-ZJjI8-bta9nrRMUnoViKQ5QL1S5_uw3WJdhbZKVu4GbU2eD9VTzanfJbfc012RXaxS60uh0Ise4z2jZ5c" alt=""><figcaption></figcaption></figure>

Back to Org2Org setup page, scroll down and paste <https://dev-41321907.okta.com> into “Hub ACS URL” and “Audience URI” fields and click Done.

<figure><img src="https://lh4.googleusercontent.com/jEFebxUpOU3iDWk9Z29dL10sRs-19m1zoCfo3jk_aQQtHy4dDwHxvSUpvmklPOsUMnWxRTbX0zcIg5PoaC8IBpUNqBe0CSPlEMsMSCypdvfwg4Or7H6xwmqZTZFYK4IXSNBAIMYJtiRvKgcoICRxHJ4" alt=""><figcaption></figcaption></figure>

## **Step 2: Threatrix IdP Setup**

Provide the above URI, URL, and certificate to the Threatrix team.

## Step 3: Complete org2org Setup

Putting actual values for “Hub ACS URL” and “Audience URI” fields. Go to “Threatrix Integration (Org2Org)” app page, Sign On tab and click Edit.

<figure><img src="https://lh5.googleusercontent.com/tKovUYXIm9ZJZe_UB0xYpESYMAFum-VjyH68ykfwaCLaBSTnVseeXtpx5l5TfOGHjnZ7C2ikXlPwlgypBwUSoph5bmIl5NunTEsMeLp8IcwqTjwX2M2xHPg_gpz_FmkHRQDw0tDXeVehrxSMe--NP6Q" alt=""><figcaption></figcaption></figure>

* Scroll down to “Advanced Sign-on Settings” section and input data.
* Into "Hub ACS URL" field input value of "Assertion Consumer Service URL" field provided by the Threatrix team.
* Into "Audience URI" field input value of "Audience URI" field provided by the Threatrix team.
* Click Save.

<figure><img src="https://lh6.googleusercontent.com/HiPPBrKs-UeoxzhrOx4ghlBcQ9XsBuw7-TPYKzrqXdAarAUnp3aNBEzxrlQLRkLchwlp4gGUEx7P5YbSqwaPN5gj-SqxcHCg7ukvXUqz2TSks7LYvHUEDiYbIQE4lj1CMNya7gZYL-LSFr1edzsYNJU" alt=""><figcaption></figcaption></figure>

Setup provisioning

<figure><img src="https://lh3.googleusercontent.com/KSRspKrxSP_pm7F8MukITfbUWfA-br4EXjGZ7AR_RCX3n8a-lkXufnQoJQdX-IvEN05E0Opb5ZBs-1JHNonGuc404uSZ7x1HoD9Pc-Pi6b1lWGooXROGDs2qlA7MSWUy1Gxi4TIulig5aj4ZzO58fs4" alt=""><figcaption></figcaption></figure>

Enable API integration, input API token provided by the Threatrix team, click “Test API Credentials” to make sure the token is ok, and click Save.

<figure><img src="https://lh4.googleusercontent.com/wJtVwF0scWMTKMdsKl6LAdofpQhzL0dw8jK1oNyc4ao1jrl7BqNMvLE1avczc__5eBouOnQrfigAoNxyZvrL_nDRXlushFEtzgcz5tR6Y6NkfxYKcJAEPqA10qAIlNjVsOknKzyacxh4ZTFO1NNe5k4" alt=""><figcaption></figcaption></figure>

After adding the token you’ll see the Provisioning tab with the “To App” section selected, click Edit.

<figure><img src="https://lh3.googleusercontent.com/dMrJqxaN06wNXJTRdd2rewDIw5RYgoTVsV1Ijb_Xe2iqfozzZDD8KVK05rUmZlxbwj7NHR-i4weDzvdF7Qzk4RHJQl0uQRpiIGl7cm9Nofe7nHw5_uwjs_cRwaZZdjCLwWPx9yP1fu1X_eot5TaGGH8" alt=""><figcaption></figcaption></figure>

Make selections like those shown in the screenshot below and click Save.

<figure><img src="https://lh3.googleusercontent.com/c8P9kZyCqnUhk2Us0PIahVbHP9rYovd--TXBMtjJphOiJemUSc18aEZrCO6_uY9ZzA4L72ujkivU72fpPPNSBJP2d8Y1-L5-p6clD-LDyOkI8HHpAd3qGfjA-krrNoMD0idO97p-RXkELlNhPjUj8rc" alt=""><figcaption></figcaption></figure>

**Create Treatrix-related groups.**\
Groups are required to identify the organization to which users belong and the user roles.

Go to the Directory/Groups page and create group with the prefix "TRX\_ORG\_" which will determine organization and groups with the prefix "TRX\_ROLE\_" which will define user roles.

<figure><img src="https://lh5.googleusercontent.com/y5STGx9-EmLV-X-wGDA3_YyK-nnWCbJJUj7npSzsCA9XSvHHGePDDosAHQK1PyCm1bK4B8bbxRW2b6w0tbz3qEGFpxKJMm9xSzDsxihAPAE3MQCk7C3_z0G9NyE1uH30CYQlHF9cwGaVczQHg0hMUoM" alt=""><figcaption></figcaption></figure>

Then go to the Directory/People page and add groups to desired user(s).

<figure><img src="https://lh6.googleusercontent.com/P2jA633c-C4ttcsK41NG7UMsUyFtFDr-Pd8M_qv-WdhJXgxpL48snK3eB23hh5ESV03xYN9l534eXQ-xO8ybgThOPqxKwwBtYglZ6HWazD_NRAcRBP4OhtM1Sdsbkrqro5uCtBAETI7VjfheLageh-Q" alt=""><figcaption></figcaption></figure>

**Add the Push Groups Rule**

Go back to the Threatrix integration (Org2Org) page, Push Groups tab and add the rule.

<figure><img src="https://lh3.googleusercontent.com/20ilZrcPF2-2f0E1SCt2cUfrY-F307ao7gdglbbkM2AKHRIY8su6vy-HAkyuAgOXYrFq0sHjCPg_lvpmDlZ2GcEqMCEKY1Imc_qHiUndZcm4mBdU8epIP0AvED9bflDNswntL0bY4H-GwE14xfLWlmM" alt=""><figcaption></figcaption></figure>

Name it "Push Threatrix Related Groups", add filter by prefix "TRX\_" and click Save.

<figure><img src="https://lh6.googleusercontent.com/1Ix8sVMIk9ZcFXvWdrVlkLOKILRdj3N5oBv-cnVnIFfg_uJGc4l1HiWWPMuCEdHI7bqJd5JcvV2ShFWJA4Z64fjdp2K5Uu9URcK08ya_bRF5TohmBWFM3NWkzTj5ivdy2AQZdLew0LxwHOo1rgFV-6k" alt=""><figcaption></figcaption></figure>

Now assign the Threatrix Integration (Org2Org) app to people as shown in the next several screenshots

<figure><img src="https://lh6.googleusercontent.com/dtUO8DbXwn9NVcn3az-vmssWIu7aI-6XcSoG6MWFpYiAmdfq40wJBPDqYrl4IKpjE0vI9KH4qShjurzBft_5IWSADCy3XkCDQWQp44U97DXn3V4lSeD3rrvKqu5pORItYeO-obh50hAHCYLQw-W5RN8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh4.googleusercontent.com/LMga8o8DCRri_Z8lIWBai-HrPhEwoMhA-nLfA73klWdnf4e0X1RB6fBJcYa9MnrnNUCrNpBdNQTvtjnIw9cpltIG2njPabI-ydSIz-87jgr2F84OgpUBRhu7UyL8fXSE32bh8DKOf15brTixrfeY8VM" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh4.googleusercontent.com/G4HO2b1WkP1Lw4xCrSfb7_Yb_aCwpDzg4LC6p0kAPAxBQ0MfX9LdVguJSq7SREq86nMXMspzZMts8dhll0dr6xIHpTW-mFOG6or-5MALQUpYVlAghved5qSs7b86arDO8_8pdA8D1VAicotdVLWU3sY" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh5.googleusercontent.com/R6dxAu5xUoFMs9Aov2x9O1CjFdmxQa_DkM_2nRvS4OAt4eDuT6AYhnS_XDbrhgcdp70QZbcVYIA-Fou1d6QHenCWvxs9HLpWcR-Xwtd26WkOsU7NK-RMD7NvpAiqd1Sp3tSl8PXSZKeI1TLgOEK-5x8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh5.googleusercontent.com/w-wxBLPLsRglY6-DeOoq5PvIYqLAwzu3DD1XtxxE1Pbecq11lSQtdtCxwk1DHPRhpUIK03qEfuw94CnYgRKBNQm9e8V2W7AJVJmRfesqWNlqMP-UwCfFJnddCFMD8M1JkfXPkoXQ_qb3vFX_gGEZVsA" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh3.googleusercontent.com/PooL053d4jDhEUqhwQJrH3IO2oGbAH-STWDxcj-FbJx6qstjQkPHgLivck_f1ePHZlblpaAQFvJXsvQ1ayVg4NTwVXhbQkPtQbiAJkG1o47GADHsq6ngeD114DYgztlSWKNTKV-zzyQY5y4yCgtFXZE" alt=""><figcaption></figcaption></figure>

**That’s it**! You've completed the setup of Threatrix SAML/Okta org2org Integration.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.threatrix.io/administration/okta/okta-org2org-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.