Configuring Single Sign-On using Okta
Okta provides secure identity management software that lets you connect any person with any application on any device using Single Sign-On (SSO).
Perform the following steps for configuring SSO:
- Configure SSO on the vManage UI
- Configure SSO on the Okta website
To configure SSO on the vManage UI:
- In vManage, click Administration ► Settings ► Identity Provider Settings ► Edit.
- Click Enabled.
- Click the link Click here to download the SAML metadata and save the content in a file. This data will be used for configuring Okta.
- In Metadata, you need the following information to configure Okta with vManage:
  - Entity ID
  - Signing certificate
  - Encryption certificate
  - Logout URL
  - Login URL
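The five values listed above can be read out of the downloaded file and sanity-checked before they are typed into Okta. The following Python code is an added example, not Cisco or Okta code: it assumes the file is standard SAML 2.0 service provider metadata, and the host name, logout path and certificate bodies in the sample are constructed placeholders. Rejecting DTDs and non-https endpoints is a check this example adds, not a requirement stated on this page.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: host name, logout path and certificate bodies are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="vmanage.example.test"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    PLACEHOLDER-SIGNING-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    PLACEHOLDER-ENCRYPTION-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://vmanage.example.test/logout-placeholder"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  <md:AssertionConsumerService index="0" Location="https://vmanage.example.test/samlLoginResponse"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def okta_fields(metadata_xml):
    # Metadata from your own appliance has no reason to carry a DTD or entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations not expected in SAML metadata")
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 service provider metadata")

    def cert(use):  # a KeyDescriptor with no "use" attribute serves both purposes
        for kd in sp.findall("md:KeyDescriptor", NS):
            node = kd.find(".//ds:X509Certificate", NS)
            if kd.get("use") in (use, None) and node is not None:
                return "".join((node.text or "").split())

    def location(tag):
        node = sp.find(f"md:{tag}", NS)
        return node.get("Location") if node is not None else None

    fields = {"entity_id": root.get("entityID"),
              "signing_certificate": cert("signing"),
              "encryption_certificate": cert("encryption"),
              "logout_url": location("SingleLogoutService"),
              "login_url": location("AssertionConsumerService")}
    problems = [k for k, v in fields.items()  # https-only is this example's assumption
                if not v or (k.endswith("_url") and not v.startswith("https://"))]
    if problems:
        raise ValueError("missing or non-https fields: " + ", ".join(problems))
    return fields
```

To use it on a real download, pass the saved file's text to `okta_fields()`; a `ValueError` names whichever of the five values is absent or malformed.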
To configure SSO on the Okta website:
- Log on to the Okta website.
- Create a username using your email address.
Make sure you are using the Classic UI view on Okta. If not, change your view to the Classic UI view by clicking on the Admin button in the upper-right corner.
- On the next page in the upper-left corner, switch from the Developer Console view to the Classic UI view.
- Navigate to Add applications ► Add application.
- Select SAML 2.0 and click Create.
- Use a string for Application name.
- (Optional) Upload a logo and then click Next.
- At SAML Settings, set the SSO URL to the samlLoginResponse URL from the metadata downloaded from the vManage UI.
- Copy the entityID string and paste it in the Service Provider ID field.
- For Name ID format, select EmailAddress and then click Enter.
- For Application username, select Okta username.
- For Show Advanced Settings, enter the fields as indicated below.
Component | Value | Configuration |
---|---|---|
Response | Signed | |
Assertion Signature | Signed | |
Signature Algorithm | RSA-SHA256 | |
Digest Algorithm | SHA256 | |
Assertion Encryption | Encrypted | |
Encryption Algorithm | AES256-CBC | |
Key Transport Algorithm | RSA-OAEP | |
Encryption Certificate | | |
Enable Single Logout | Make sure this is checked. | |
Single Logout URL | Get from the metadata. | |
SP Issuer | Use the entityID from the metadata. | |
Signature Certificate | | |
Authentication context class | X.509 Certificate | |
Honor Force Authentication | Yes | |
SAML issuer ID string | SAML issuer ID string | |
Attributes Statements (optional) | Name ► Username; Name format (optional) ► Unspecified | |
Group Attribute Statements (optional) | Name ► Groups; Name format (optional) ► Unspecified; Filter ► "Regex" - ".*" | |
It is mandatory to use the two strings, Username and Groups, exactly as shown above. Otherwise, you may be logged in with the default group of Basic.
- Click Next.
- For App type, check This is an internal app that we have created (optional).
- Click Finish.
This brings you to the Okta application page.
- Click on View Setup Instructions.
- Copy the IDP metadata.
- Navigate back to the vManage UI.
- Click on Identity Provider Settings.
- Paste the IDP metadata that you copied into Upload Identity Provider Metadata, and then click Save.
To assign users to the application in Okta:
- On the Okta application page, navigate to Assignments ► People ► Assign.
- Select Assign to people from the drop-down menu.
- Click on Assign next to the user(s) you selected and click Done.
- To add a user, click on Directory ► Add Person ► Save.