Configure Okta as SSO Provider
To use Okta as the SSO identity provider (IdP) for Virtana Platform, you must configure specific settings as required by Virtana. You then copy the IdP SSO metadata URL from Okta and enter it in Virtana Platform to complete the configuration process.
About This Task
After configuring the IdP, you must copy the metadata URL, which is needed for Virtana Platform.
Prerequisites
You must have set up a SAML 2.0 application with your IdP.
You must have administrator privileges in both IdP and Virtana Platform.
You must have an appropriate Virtana Platform license to use SSO.
Steps
Log in to Okta as an administrator and navigate to Applications > Applications.
Click Add Application.
Click Create New App and select Web in the Platform dropdown.
Choose SAML 2.0 and click Create.
Enter an App name and upload a logo (if desired), and then click Next.
Leave the App visibility options as the default.
Enter the Single Sign On URL and leave Use this for Recipient URL and Destination URL checked.
If Keycloak is disabled:
SSO URL:
https://<env>.cloud.virtana.com/authentication/SSO/saml/acs
If Keycloak is enabled:
SSO URL:
https://keycloak.oc.<env>.cloud.virtana.com/auth/realms/<org_id>/broker/<org_id>-saml-config/endpoint
Note
<env> is the variable used for your locale. For example https://app.cloud.virtana.com/...
<org_id> is the organisational UUID for the given organisation. Contact the Virtana Support team to get your UUID.
Enter the Audience URI (SP Entity ID):
If Keycloak is disabled:
URI:
Virtana-Platform
If Keycloak is enabled:
URI:
https://keycloak.oc.<env>.cloud.virtana.com/auth/realms/<org_id>
Leave Default RelayState and Name ID Format with the default settings.
Note
<env> is the variable used for your locale. For example: https://app.cloud.virtana.com/...
<org_id> is the organisational UUID for the given organisation. Contact the Virtana Support team to get your UUID.
For Application username, select Email.
Click Show Advanced Settings and, under the Attribute Statements section, do the following:
Important
Entries in the Name field must be exactly as indicated below. Names are case-sensitive. Ensure the spelling and capitalization are correct for the entries in the Name fields.
If Keycloak is disabled:
For the first attribute statement enter the following:
Name | Name Format | Value
firstName | Basic | user.firstName
Click Add Another and complete the second attribute statement:
Name | Name Format | Value
lastName | Basic | user.lastName
Click Add Another and complete the third attribute statement:
Name | Name Format | Value
externalId | Basic | user.email
If Keycloak is enabled:
For the first attribute statement enter the following:
Table 48. Add Attribute
Name | Name Format | Value
firstName | Basic | user.firstName
Click Add Another and complete the second attribute statement:
Table 49. Add Attribute
Name | Name Format | Value
lastName | Basic | user.lastName
Click Add Another and complete the third attribute statement:
Table 50. Add Attribute
Name | Name Format | Value
email | Basic | user.email
Click Add Another and complete the fourth attribute statement:
Table 51. Add Attribute
Name | Name Format | Value
username | Basic | user.email
Click Next and Finish.
A page displays the Virtana Platform Settings on the Sign-On tab.
In the Sign-on methods area, click Identity Provider Metadata under View Setup Instructions.
Make a note of the IdP metadata URL that displays in the browser's URL field.
You must enter this URL in the Virtana Platform SSO settings form.
Tip
This is not the same as the Identity Provider Single Sign-On URL that is displayed by clicking View Setup Instructions.
[Optional] Configure any other options, such as Password reveal or a Sign On Policy.
Add users to the SSO application you just created.
This completes the Okta configuration. You can close Okta and log in to Virtana Platform to proceed with setup.
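To confirm the attribute statements and Audience URI entered in the steps above, the following added example (not part of the Virtana or Okta documentation) checks a decoded SAML assertion from a test login for the exact, case-sensitive attribute names, the Basic name format, and the expected audience. The function name, the mode keys, and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"  # Okta "Basic"

# Attribute names required by the steps above; the mode keys are hypothetical.
REQUIRED = {
    "keycloak_disabled": {"firstName", "lastName", "externalId"},
    "keycloak_enabled": {"firstName", "lastName", "email", "username"},
}

def check_assertion(xml_text, mode, expected_audience):
    """Return a list of configuration problems in a decoded SAML assertion.

    Checks configuration only; it does not validate the XML signature.
    """
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): a.get("NameFormat")
             for a in root.iterfind(".//saml:Attribute", NS)}
    problems = []
    for name in sorted(REQUIRED[mode]):
        if name not in attrs:
            # Names are case-sensitive: report a near miss such as "Firstname".
            near = [n for n in attrs if n and n.lower() == name.lower()]
            hint = f" (found {near[0]!r}, wrong case)" if near else ""
            problems.append(f"missing attribute {name!r}{hint}")
        elif attrs[name] != BASIC:
            problems.append(f"attribute {name!r} is not Name Format Basic")
    audiences = [a.text.strip()
                 for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience {expected_audience!r} not in {audiences}")
    return problems

# Constructed sample (Keycloak disabled) with one deliberately miscased name.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>Virtana-Platform</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Firstname" NameFormat="{BASIC}"/>
    <saml:Attribute Name="lastName" NameFormat="{BASIC}"/>
    <saml:Attribute Name="externalId" NameFormat="{BASIC}"/>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, "keycloak_disabled", "Virtana-Platform"):
        print(problem)
```

When Keycloak is enabled, pass "keycloak_enabled" and the Audience URI from the corresponding step with your own <env> and <org_id> values.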
Next Steps
You must log in to Virtana Platform and configure SSO for the platform.