Configuring Authentication with Okta and SAML 2.0
You can configure user authentication with Okta as your IdP using SAML 2.0.
The users defined in Okta are automatically added to the AtScale Identity Broker when they log in for the first time. All users are added to the everyone group, which includes the query_user role.
If you need to add users to other groups or assign them additional roles, you must do so from within the Identity Broker. For more information, see Managing Users with the Identity Broker.
Prerequisites
This procedure assumes that you have created an Okta application integration for AtScale, and that it is configured with SAML 2.0. For more information, refer to the Okta documentation.
Additionally, you must be logged in as an admin user.
Procedure
To configure user authentication using Okta and SAML 2.0:
- In AtScale, open the main menu and select Security. The Identity Broker opens.
- Select the atscale realm if it is not already selected.
- In the left-hand navigation, select Identity providers, then click SAML v2.0.
- On the Add SAML provider page, complete the following fields:
  - Redirect URI
  - Alias
  - Display name
  - Service provider entity ID
- In a new browser tab, log in to Okta and copy the Metadata URL for the AtScale application. This information is available on the application's Sign On tab.
- In the Identity Broker, paste the URL in the SAML Entity Descriptor field. The Identity Broker validates the URL and displays a checkmark if it passes.
- Click Add to save the new IdP definition.
- Click the IdP you just added.
- In the Advanced settings section, enable the Store tokens and Stored tokens readable settings.
- Click Save.
- If necessary, add attribute mappers for any SAML attributes you have defined in Okta. To add an attribute mapper in the Identity Broker:
  - In the left navigation, click Identity providers, then select the IdP you just added.
  - Click the Mappers tab, then click Add mapper.
  - On the Add Identity Provider Mapper page, define the mapper as needed. The Attribute Name must match the corresponding attribute defined in Okta. Additionally, Mapper type must be Attribute Importer.
  - Click Save.
- Test your configuration:
  - Open a new browser window and navigate to your AtScale instance.
  - Click Sign In in the top right corner. The Sign in to your account window appears.
  - Click the option to log in with Okta and enter your credentials.