You can configure SAML to support identity provider-initiated single sign-on. In identity provider-initiated single sign-on, you are already logged in through your identity provider (IDP), such as Okta, and click a Lacework tile or icon to access the Lacework Console.
Follow these steps to set the RelayState to your primary account and encode it in base64.
- Create a JSON string that sets the accountName.
For example, if your Lacework URL is yourname.lacework.net, the JSON string would be:
- Copy the JSON string and encode it in base64.
You can use any available base64 encoding method.
After encoding, the string resembles this output:
- Set the RelayState in your IDP with the output string:
For example, in Okta, add the encoded base64 string to the Default RelayState field.
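
One way to carry out and verify the steps above in Python, as an added example that is not part of the Lacework documentation. The account name value `yourname` (taken here as the part of the URL before `.lacework.net`) and the function names are assumptions.

```python
import base64
import json


def build_relay_state(account_name: str) -> str:
    """Return the base64 RelayState for a JSON string that sets accountName."""
    # Compact separators and no trailing newline: the encoded value contains
    # exactly the bytes of the JSON string and nothing else.
    payload = json.dumps({"accountName": account_name}, separators=(",", ":"))
    return base64.b64encode(payload.encode("utf-8")).decode("ascii")


def check_relay_state(value: str, expected_account: str) -> list[str]:
    """Decode a RelayState value and return a list of problems (empty if OK)."""
    try:
        # validate=True rejects stray characters such as a pasted space or newline.
        raw = base64.b64decode(value, validate=True)
    except ValueError as exc:
        return [f"not valid base64: {exc}"]
    problems = []
    if raw != raw.strip():
        problems.append("decoded JSON has leading/trailing whitespace "
                        "(often a newline added by echo)")
    try:
        data = json.loads(raw)
    except ValueError as exc:
        return problems + [f"decoded value is not JSON: {exc}"]
    if not isinstance(data, dict) or "accountName" not in data:
        problems.append("JSON does not set accountName")
    elif data["accountName"] != expected_account:
        problems.append(f"accountName is {data['accountName']!r}, "
                        f"expected {expected_account!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: account "yourname" for yourname.lacework.net (assumed).
    relay_state = build_relay_state("yourname")
    print(relay_state)
    print(check_relay_state(relay_state, "yourname") or "OK")
```

Run `check_relay_state` on the value already saved in the IDP to confirm it decodes to the account you expect before testing the tile.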