The following procedure helps you configure Okta for single sign-on. The first step is to provide the SAML configuration details of an Okta application to Alert Logic. This is required because Okta generates new values for every application, and Alert Logic needs these values to create the service provider configuration used in the finalized Okta configuration.
Initial Configuration
- Navigate to the Okta Admin portal.
- Navigate from the main Okta Admin portal page to the Applications page.
- Click Add Application to go to the Okta applications gallery.
- Click Create App Integration to create a new application.
  Note: Alert Logic does not have a published Okta application, so a new internal application must be created.
- In the create application dialog, select Web for the Platform and SAML 2.0 for the Sign on Method, then click Create.
- Within the first step, in General Settings:
  - Enter an application name and optionally upload an icon.
  - Click Next.
- Within the second step, in Configure SAML:
  - Enter a placeholder Single sign on URL and Audience URI (SP Entity ID). https://alertlogic.com can be used for the Single sign on URL and placeholder can be used for the Audience URI (SP Entity ID); the values will be replaced later.
  - Optional: The chosen Application username must match the username of the user in the Alert Logic console. Update the value from the default Okta username if there is a different field that must be used.
  - Optional: Single Log Out can be enabled later (see Finalize Configuration section).
  - Click Next.
- Within the third step, in Feedback:
  - Select I'm an Okta customer adding an internal app as the answer to Are you a customer or partner?
  - Select This is an internal app that we have created as the App type.
  - Click Finish.
- After finishing the creation steps and being redirected to the Sign on settings of the new application:
  - In the Settings box, near the middle of the box under the View Setup Instructions button, find the Identity Provider metadata link and save the link as an XML file. This file should be provided to Alert Logic.
  - Click View Setup Instructions, then copy the following values from the new page and provide them to Alert Logic: Identity Provider Single Sign-On URL and X.509 Certificate (the certificate can be downloaded by clicking Download certificate, and the resulting file provided to Alert Logic).
Finalize Configuration
After providing the Okta application configuration details to Alert Logic, Alert Logic will create the service provider configuration and return these values to finalize the Okta application configuration.
- Navigate to the Okta Admin portal.
- Navigate from the main Okta Admin portal page to the Applications page.
- Click on the name of the application created during the initial configuration steps to be redirected to the application configuration.
- Click on the General tab to view general application settings.
- In the General tab, scroll down to the SAML Settings and click the Edit link in the SAML Settings box to be redirected to the create application wizard from the initial configuration steps.
- In the first step, in General Settings, click the Next button.
- In the second step, in Configure SAML:
  - Copy and paste the Assertion Consumer Service URL (SSO Callback URL) provided into the Single sign on URL field.
  - Copy and paste the SP Entity ID provided into the Audience URI (SP Entity ID) field.
  - Optional: To enable Single Log Out:
    - Click Advanced Settings under Update application username on.
    - Enter the Single Logout URL provided into the Single Logout URL field.
    - Upload the provided Alert Logic PEM certificate using the Signature Certificate field’s Browse and Upload Certificate buttons.
  - Click the Next button.
- In the third step, in Feedback, click the Finish button.
- Click on the Assignments tab to view application assignments.
- Assign the application to users/groups as required.