home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Setting Up Okta

For additional information, refer to the Okta documentation on setting up a SAML application.

  1. Sign in as a Okta administrator and click My Applications, then click Admin:


  2. Click Add Applications:
  3. Click Create New App:
  4. Under Sign on method, select SAML 2.0, then click Create.

  5. In the App name field, enter Lookout-SSO, then click Next.

  6. Under GENERAL, set the following:
    FieldValue
    Single sign on URLThis is the URL provided by Lookout ending with /acs
    Audience URI (SP Entity ID)This is the URL provided by Lookout ending with /metadata
    Name ID formatUnspecified
    Application usernameEmail
  7. Under ATTRIBUTE STATEMENTS, create the following entries by clicking Add Another to extend the list.
    All entries use Name format: Basic:


    NameValue
    ent
    The ent value provided by Lookout
    mail
    user.email
    sn
    user.lastName
    givenname
    user.firstName
    upn
    user.email
  8. Under GROUP ATTRIBUTE STATEMENTS (OPTIONAL), create the following entry:


    NameName formatFilter
    memberof
    Basic

    This should match a common String in the user group names you use for Lookout MES Console Full Access, Restricted Access, and Read-Only administrators. For example, if your user groups are named:

    • Lookout-Full
    • Lookout-Restricted
    • Lookout-ReadOnly

    Then the memberof Filter should be:

    Contains > Lookout

    You can also use Starts with or other match types if necessary.

  9. Click Next.
  10. Under Are you a customer or partner? select I'm an Okta customer adding an internal app:
  11. Click Finish.
    The Sign-On section appears.
  12. Right click Identity Provider metadata and click Copy Link Address.
    This copies your metadata URL, which you need to provide to Lookout to complete setup.
  13. Click View Setup Instructions:


  14. Copy the Identity Provider Single Sign-On URL and provide it to Lookout:

  15. Click Assignments and assign People or Groups to the Lookout app:


  16. Navigate back to Applications and confirm that you can see the Lookout app in Okta.
  17. Send the metadata URL and Identity Provider SSO URL from Steps 11-13 to Lookout.