Skip to main content

Configure Okta as SSO Provider

To use Okta as the SSO identity provider (IdP) for Virtana Platform, you must configure specific settings as required by Virtana. You then copy the IdP SSO metadata URL from Okta and enter it in Virtana Platform to complete the configuration process.

About This Task

  • After configuring the IdP, you must copy the metadata URL, which is needed for Virtana Platform

Prerequisites

  • You must have set up a SAML 2.0 application with your IdP.

  • You must have administrator privileges in both IdP and Virtana Platform.

  • You must have an appropriate Virtana Platform license to use SSO.

Steps

  1. Log into Okta as an administrator and navigate to Applications > Applications.

  2. Click Add Application.

  3. Click Create New App and select Web in the Platform dropdown.

  4. Choose SAML 2.0 and click Create.

  5. Enter an App name and upload a logo (if desired), and then click Next.

    Leave the App visibility options as the default.

  6. Enter the Single Sign On URL and leave Use this for Recipient URL and Destination URL checked.

    If Keycloak is disabled:

    • SSO URL: https://<env>.cloud.virtana.com/authentication/SSO/saml/acs

    If Keycloak is enabled:

    • SSO URL:

      https://keycloak.oc.<env>.cloud.virtana.com/auth/realms/<org_id>/broker/<org_id>-saml-config/endpoint

      Note

      <env> is the variable used for your locale. For example https://app.cloud.virtana.com/...

      <org_id> is the organisational UUID for the given organisation. You can contact Virtana Support team to get your UUID.

  7. Enter the Audience URI (SP Entity ID):

    If keycloak is disabled:

    URI: Virtana-Platform

    If Keycloak is enabled:

    URI: https://keycloak.oc.<env>.cloud.virtana.com/auth/realms/<org_id>

    Leave Default RelayState and Name ID Format with the default settings.

    Note

    <env> is the variable used for your locale. For example: https://app.cloud.virtana.com/...

    <org_id> is the organisational UUID for the given organisation. You can contact Virtana Support team to get your UUID.

  8. For Application username, select Email.

  9. Click Show Advanced Settings and under the Attribute Statements section do the following

    Important

    Entries in the Name field must be exactly as indicated below. Names are case-sensitive. Ensure the spelling and capitalization are correct for the entries in the Name fields.

    If keycloak is disabled:

    1. For the first attribute statement enter the following:

      Name

      Name Format

      Value

      firstName

      Basic

      user.firstName

    2. Click Add Another and complete the second attribute statement:

      Name

      Name Format

      Value

      lastName

      Basic

      user.lastName

    3. Click Add Another and complete the third attribute statement:

      Name

      Name Format

      Value

      externalId

      Basic

      user.email

    If keycloak is enabled:

    • For the first attribute statement enter the following:

      Table 9. Add Attribute

      Name

      Name Format

      Value

      firstName

      Basic

      user.firstName



    • Click Add Another and complete the second attribute statement:

      Table 10. Add Attribute

      Name

      Name format

      Value

      lastName

      Basic

      user.lastName



    • Click Add Another and complete the third attribute statement:

      Table 11. Add Attribute

      Name

      Name Format

      Value

      email

      Basic

      user.email



    • Click Add Another and complete the fourth attribute statement:

      Table 12. Add Attribute

      Name

      Name Format

      Value

      username

      Basic

      user.email



  10. Click Next and Finish.

    A page displays the Virtana Platform Settings on the Sign-On tab.

  11. In the Sign-on methods area, click Identity Provider Metadata under View Setup Instructions.

    vp-scrn-opt-sso-aws-settings.png
  12. Make a note of the IdP metadata URL that displays in the browser's URL field.

    You must enter this URL in the Virtana Platform SSO settings form.

    Tip

    This is not the same as the Identify Provider Single Sign-On URL that is displayed by clicking View Setup Instructions.

    vp-scrn-sso-metadata-url.png
  13. [Optional] Configure any other options, such as Password reveal or a Sign On Policy.

  14. Add users to the SSO application you just created.

This completes the Okta configuration. You can close Okta and log in to Virtana Platform to proceed with setup.

Next Steps

You must log in to Virtana Platform and configure SSO for the platform.