Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

Configuring Single Sign-On using Okta

Configuring SSO using OKTA

Okta provides secure identity management software that lets you connect any person with any application on any device using Single Sign-On (SSO).

Perform the following steps for configuring SSO:

  • Configure SSO on the vManage UI
  • Configure SSO on the Okta website

To configure SSO on the vManage UI:

  1. In vManage, click AdministrationSettings ► Identify Provider Settings ► Edit.

  2. Click Enabled.

  3. Navigate to Click here to download the SAML metadata and save the content in a file. This data will be used for configuring Okta.
  4. In Metadata, you need the following information to configure Okta with vManage:
  • Entity ID
  • Signing certificate
  • Encryption certificate
  • Logout URL
  • Login URL

To configure SSO on the Okta website:

  1. Log on to the Okta website.
  2. Create a username using your email address.
    Make sure you are using the Classic UI view on Okta. If not, change your view to the Classic UI view by clicking on the Admin button in the upper-right corner.
  3. On the next page in the upper-left corner, switch from the Developer Console view to the Classic UI view.
  4. Navigate to Add applications ► Add application.
  5. Select SAML 2.0 and click Create.
  6. Use a string for Application name.
  7. (Optional) Upload a logo and then click Next.
  8. At SAML Settings, add the SSO URL using the samlLoginResponse URL from the downloaded metadata from the vManage UI.
  9. Copy the entityID string and paste it in the Service Provider ID field.
  10. For Name ID format, select EmailAddress and then click Enter.
  11. For Application username, select Okta username.
  12. For Show Advanced Settings, enter the fields as indicated below.
Component Value Configuration
Response Signed  
Assertion Signature Signed  
Signature Algorithm RSA-SHA256  
Digest Algorithm SHA256  
Assertion Encryption Encrypted  
Encryption Algorithm AES256-CBC  
Key Transport Algorithm RSA-OAEP  
Encryption Certificate  
  1. Copy the encryption certificate from the metadata you downloaded.
  2. Go to www.samltool.com and click on X.509 CERTS, paste there. Click Format X.509 Certificate.
  3. Make sure to remove the last empty line and then save the output (X.509.cert with header) into a text file encryption.cer.
  4. Upload the file. The Firefox browser may not allow you to do the upload. You can use the Chrome browser, however. You should see the certificate information after uploading to Okta.
Enable Single Logout  

Make sure this is checked.

 

Single Logout URL   Get from the metadata.
SP Issuer   Use the entityID from the metadata.
Signature Certificate  
  1. Obtain from the metadata.
    Format the signature certificate using www.samltool.com as done above.
  2. Save to a file, for example, signing.cer and upload.
Authentication context class X.509 Certificate  
Honor Force Authentication Yes  
SAML issuer ID string SAML issuer ID string  

Attributes Statements (optional)

Name Username

Name format (optional) Unspecified
Value user.login

 

 

Group Attribute Statements (optional)

Name Groups

Name format (optional) Unspecified

Filter "Regex" - ".*"

 

It is mandatory to use the two strings, Username and Groups, exactly as shown above. Otherwise, you may be logged in with the default group of Basic.

  1. Click Next.
  2. For App type, check This is an internal app that we have created (optional).
  3. Click Finish.
    This brings you to the Okta application page.
  4. Click on View Setup Instructions.
  5. Copy the IDP metadata.
  6. Navigate back to the vManage UI.
  7. Click on Identity Provider Settings.
  8. Paste the IDP metadata that you copied on to Upload Identity Provider Metadata, and then click Save.

To assign users to the application in Okta:

  1. On the Okta application page, navigate to Assignments ► People ► Assign.
  2. Select Assign to people from the drop-down menu.
  3. Click on Assign next to the user(s) you selected and click Done.
  4. To add a user, click on Directory ► Add Person ► Save.

 

 

 

 

Configuring SSO using Okta

 

  • Was this article helpful?