Skip to main content
McAfee Enterprise MVISION Cloud

Integrate Okta in a Salesforce SAML Proxy

To integrate Oka with Salesforce SAML proxy, use the following steps to configure Okta, configure the MVISION Cloud SAML proxy, and finally configure Salesforce. 


The following items must be in place before you begin:

  • An existing MVISION Cloud tenant.
  • An existing SFDC sandbox.
  • An existing Okta account.
  • Operational Salesforce reverse proxy.
  • SFDC and Okta accounts set up with the same user name.

Step 1: Configure Okta

  1. Log in as admin and then navigate to the Okta Admin dashboard.
  2. Navigate to Applications
  3. Click Add Application
  4. Search for and click Add.
  5. Complete the application settings. Defaults unless highlighted below…

    NOTE: The screen above assigns users to the application. You can do it later, but it’s easier to do this now.

  6. From the Salesforce Application in Okta, select Sign On.
  7. Edit the sign-on settings and find the View Setup Instructions button.

  8. Capture the following information and continue to configure SFDC.





    Identity provider login URL

    Identity Provider Logout URL

    IDP certificate

    Download this ready to be imported to the SHN SAML proxy

    NOTE: Leave the Okta SFDC SSO configuration screen open. You will come back to it later.

Step 2: Configure MVISION Cloud SAML Proxy

  1. Log in to MVISION Cloud and go to Settings > Service Management.
  2. Configure SAML Certificates for the Salesforce reverse proxy.
  3. Upload the IDP certificate obtained earlier from Okta.

  4. Then, Export Proxy Server Certificate (to be imported to Salesforce later).

NOTE: Leave this window open so you can import the SFDC certificate later.

Step 3: Configure Salesforce

  1. Log in as admin to your SDFC environment. You must log in to SFDC directly, not through the proxy, to perform these steps.
  2. Choose Setup > Security Controls > Certificate and Key Management.
  3. Click Create Self-Signed Certificate.

  4. Enter a label for the self-signed cert and leave key size at 2048 and click Save.

  5. Click the link for the new cert. 

    Then download the certificate. This is the service provider certificate that is uploaded to the SHN proxy.

  6. Return to the MVISION Cloud SAML Proxy and upload the SFDC certificate. Click OK.
  7. In Salesforce, go to Setup > Security Controls > Single Sign-On Settings.
  8. Click Edit and then enable SAML. Then click New to create a SSO setting.

  9. Enter the following items captured during the Okta setup. 





    Identity provider login URL

    Identity Provider Logout URL

  10. Enter the other parameters as shown in this screenshot and Save.
    • Request signing certificate. The self-signed SFDC cert you created
    • IDP certificate = the SHN proxy certificate NOT the Okta certificate
    • Entity ID is usually

NOTE: If your organization is using a custom domain, the Entity ID must be the custom domain, for example,

  1. From the single sign-on page, click the link to the new SAML settings you created.
  2. From the Endpoints section, capture the Salesforce Login URL.
  3. Copy and edit the URL. Replace the host with your SFDC reverse proxy host, and append &shnsaml to the end of the URL:
New: Original:

14. Navigate back to Okta where we left the Salesforce SSO settings open and in the Login URL field, enter modified login URL you created in the last step. Leave application username format as Okta username and click Save.


  • Was this article helpful?