Configuring Authentication with Okta and SAML 2.0

You can configure user authentication with Okta as your IdP using SAML 2.0.

Info: The users defined in Okta are automatically added to the AtScale Identity Broker when they log in for the first time. All users are added to the everyone group, which includes the query_user role. If you need to add users to other groups or assign them additional roles, you must do so from within the Identity Broker. For more information, see Managing Users with the Identity Broker.

Prerequisites

This procedure assumes that you have created an Okta application integration for AtScale, and that it is configured with SAML 2.0. For more information, refer to the Okta documentation.

Additionally, you must be logged in as an admin user.

Procedure

To configure user authentication using Okta and SAML 2.0:

  1. In AtScale, open the main menu and select Security. The Identity Broker opens.

  2. Select the atscale realm if it is not already selected.

  3. In the left-hand navigation, select Identity providers, then click SAML v2.0.

  4. On the Add SAML provider page, complete the following fields:

    • Redirect URI
    • Alias
    • Display name
    • Service provider entity ID

  5. In a new browser tab, log in to Okta and copy the Metadata URL for the AtScale application. This information is available on the application's Sign On tab.

  6. In the Identity Broker, paste the URL in the SAML Entity Descriptor field. The Identity Broker validates the URL and displays a checkmark if it passes.

  7. Click Add to save the new IdP definition.

  8. Click the IdP you just added.

  9. In the Advanced settings section, enable the Store tokens and Stored tokens readable settings.

  10. Click Save.

  11. If necessary, add attribute mappers for any SAML attributes you have defined in Okta. To add an attribute mapper in the Identity Broker:

    1. In the left navigation, click Identity providers, then select the IdP you just added.
    2. Click the Mappers tab, then click Add mapper.
    3. On the Add Identity Provider Mapper page, define the mapper as needed. The Attribute Name must match the corresponding attribute defined in Okta. Additionally, Mapper type must be Attribute Importer.
    4. Click Save.

  12. Test your configuration:

    1. Open a new browser window and navigate to your AtScale instance.
    2. Click Sign In in the top right corner. The Sign in to your account window appears.
    3. Click the option to log in with Okta and enter your credentials.