Add OKTA as an Identity Provider in EAA

- Log in to Akamai Luna control center with administrative privileges.
- Select the correct contract, which is provisioned for Enterprise Application Access (EAA).
- In the selected contract, click CONFIGURE, then click Enterprise Application Access in the available list of Akamai products. Akamai Luna control center will redirect you to the EAA management console.
- In the EAA management portal, click Identity Providers, then click Identity Providers.
- In the Identity Providers configuration menu, click Add Identity Provider to add OKTA as a SAML IdP.
- In the Create New Identity Provider configuration box, enter the following:
  a. Name and Description: Enter a name (we used Okta in our example) and a description.
  b. Provider Type: Select Okta from the dropdown menu.
  c. Click Create Identity Provider and Configure.
- A new configuration page appears. Enter the following:
  a. Identity Intercept: Enter a custom or Akamai hostname to identify the SP's (Service Provider's) Base URL or ACS URL.
     Note: If you choose the Use your domain option, configure the CNAME in your external DNS as generated by the UI.
     Note: Upload and use your own certificate for a custom domain.
  b. Akamai Cloud Zone: From the dropdown menu, select the EAA Cloud zone closest to the users.
  c. Certificate Authentication (Optional): Select the checkbox and configure the required parameters if you want to enable Client Certificate authentication.
  d. URL: Enter your Okta subdomain (we used acme in our example).
  e. Logout URL: Sign in to the Okta Admin Dashboard to generate this variable. Copy and paste the logout URL from the OKTA Admin dashboard.
  f. Sign SAML Request (Optional):
     i. In an SP-initiated flow, if OKTA requires a signed SAML request, enable this checkbox, which will send the signed SAML request to OKTA.
     ii. Encrypted SAML Response: Enable this checkbox if OKTA sends an encrypted SAML response to EAA (SP). Use the certificate required to encrypt responses.
  g. Upload IDP Metadata File: Click Choose File to locate, then upload, the metadata.xml file you downloaded from the OKTA dashboard for the Akamai EAA SAML SP endpoint.
  h. Leave the Session Settings at their defaults and click Save & Exit.

Assigning the OKTA Identity Provider to New/Existing Applications in EAA and Configuring Attribute Mapping

For access applications, EAA can provide Single Sign On (SSO) using custom headers. EAA takes the attributes it receives as part of the SAML assertion from OKTA and injects X-forwarded-for headers with custom attributes.

- In your EAA access application configuration, select the AUTHENTICATION tab, then click Assign Identity Provider (for new applications) or Change Identity Provider (for existing applications) to select OKTA.
- Select Okta as the Identity Provider.
- Click Save and go to the ADVANCED SETTINGS tab, then scroll down to the Custom HTTP Headers section.
- Configure attribute mapping as follows:
  o Header Name: Enter a required header name.
  o Attribute: Select custom.
  Enter the appropriate SAML attribute name(s). See List of Supported Attributes. In our example below we added three headers (FirstName, LastName, Department) and mapped them to the FirstName, LastName and custom1 attributes from the SAML assertion received from OKTA.
- After configuring custom HTTP headers, save and deploy the application configuration.

Done! You can find more information on how to set up your first application with the Akamai Enterprise Application Access platform at EAA Quick Start Guide.
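The header mapping from the example above, sketched in Python as an added illustration (it is not Akamai or Okta code): it reads a constructed SAML attribute statement, applies the FirstName/LastName/Department mapping, and reports attributes that are missing or that carry control characters. The function names and sample values are assumptions, and the assertion's signature is assumed to have been verified already.

```python
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Header name -> SAML attribute name, as in the guide's example mapping.
HEADER_MAP = {"FirstName": "FirstName", "LastName": "LastName", "Department": "custom1"}

# Constructed sample input (not captured traffic): attribute statement only.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="custom1"><saml:AttributeValue>Engineering</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
"""


def saml_attributes(statement_xml):
    """Return {attribute name: first value} from a SAML AttributeStatement.

    Assumes the enclosing assertion's signature was verified beforehand.
    """
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.iter(f"{{{SAML_ASSERTION_NS}}}Attribute"):
        value = attr.find(f"{{{SAML_ASSERTION_NS}}}AttributeValue")
        if value is not None and value.text:
            attrs[attr.get("Name")] = value.text.strip()
    return attrs


def build_headers(attrs, header_map=HEADER_MAP):
    """Apply the header mapping; return (headers, problems)."""
    headers, problems = {}, []
    for header, attr_name in header_map.items():
        value = attrs.get(attr_name)
        if value is None:
            problems.append(f"{header}: attribute {attr_name!r} not in assertion")
        elif any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            # CR/LF or other control characters must never reach a header value.
            problems.append(f"{header}: control character in value")
        else:
            headers[header] = value
    return headers, problems


if __name__ == "__main__":
    print(build_headers(saml_attributes(SAMPLE_STATEMENT)))
```

A Department header that never arrives at the application usually shows up here as a missing custom1 attribute, which points back at the Okta profile mapping rather than at the EAA header configuration.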

OKTA Configuration

Notes: Depending on the custom application configuration, SP-initiated flows, IdP-initiated flows, and Just In Time (JIT) provisioning are all supported.

For IdP-initiated flows: Follow the instructions here: http://saml-doc.okta.com/saml_docs/simulating-an-idp-initiated-flowwith-the-bookmark-app.html. Use the Akamai application URL for the Okta Bookmark app URL field.

For SP-initiated flows: Open your application URL.

List of Supported Attributes

Okta sends the following attributes as part of the SAML assertion: FirstName, LastName. These attributes are mapped to the corresponding fields in the Okta Base User Profile. In addition to the default attributes, Okta supports the following five custom attributes: custom1, custom2, custom3, custom4, custom5.

Here is an example describing how to add and use additional custom attributes:

- In Okta, navigate to Directory > Profile Editor.
- Search for the Akamai Enterprise Application Access app, then click Profile.
- Click Add Attribute, then enter the following:
  o Display Name: Enter the preferred attribute name. In our example we used Department.
  o Variable Name: If you are adding one attribute, enter custom1; for other attributes the value will be custom2, custom3, custom4, or custom5.
  Click either Add Attribute if you are adding just one attribute, or Save and Add Another to add more.
  Note: Scope (optional): If you check user personal, the current attribute will be available once you assign the user to the Akamai Enterprise Application Access app and will not be available once you assign the group to the app.
- Click Map Attributes.
- Select the Okta to Akamai Enterprise Application Access tab, then do the following: Start typing the required attribute from the Okta base user profile (or use the dropdown list) and select the attributes you want to map. In our example, we selected the Department attribute, then the green arrows (Apply mapping on user create and update).
- Click Save Mappings.
- Click Apply updates now.

Now Okta will pass the custom1 attribute with the value of the Department field from the Okta base user profile. You can use the custom1 attribute key for the SAML attribute name during attribute mapping in Akamai Enterprise Application Access (step 5).

User Groups

- Select the Sign On tab for the Akamai Enterprise Application Access app, then click Edit.
- Select a preferred group filter for the Group attribute (in our example we used the Regex rule with the value ".*" in order to send *all* groups to the Akamai instance).
- Click Save.