Okta Single Sign-on

This guide will walk you through the steps of setting up Okta Single Sign-on (SSO) with the Plerion Platform. By the end of this guide, you will have successfully configured SSO and Authorization for your application.

💡

To ensure a smooth setup experience, we strongly recommend that you use two different browser sessions or different browsers while configuring Okta and the Plerion Platform. Using different browsers or sessions will prevent any potential conflicts or issues that may arise from sharing the same session.

Setting up your application on Okta

  1. Sign in to your Okta account.

  2. Once logged in, navigate to Applications and select Create App Integration.

App Integration

  3. Select SAML 2.0 and click Next.

SAML

  4. Provide an App Name and click Next.

App Name

  5. On the Plerion Protection Platform, navigate to Admin -> Security -> Single Sign-On, and copy the #1 URL.

Configure SSO

  6. On Okta, paste the copied URL into the Single Sign On URL and Audience URI (SP Entity ID) fields.

SSO Url

  7. Select Email Address as the Name ID Format.

  8. For Attribute Statement, provide the input and select Next.

Attribute Mapping

  9. Select your preference and click Finish.

Finish Config

Add User to your Okta Application

  1. On your Okta account, navigate to Directory and select People. Click Add Person to add your user.

Add User

  2. Provide all inputs and click Save.

User Info

  3. Navigate to the Okta application you've just created. In the Assignments tab, open the Assign drop-down and select Assign to People. Assign the newly created user and click Done.

Single Sign-On Configuration on the Plerion Platform

  1. On Okta, navigate to your application and click Sign On. On the right-hand side, click View SAML Setup Instructions.

SAML Setup

  2. Copy the Single Sign On URL, Identity Provider Issuer, and X.509 Certificate.

Config info

  3. Navigate to Plerion Platform -> Admin -> Security -> Single Sign On and paste the values copied above into the fields in Step 2.

Plerion Platform setup

  4. Click Test to check that the connection and configuration work. A pop-up window will appear where you can sign in as the new user you created in the Okta application.

Authentication Test

Congratulations! You've successfully configured SSO. Now that Authentication is successful, let us configure Authorization. For successful Authorization, you will need to verify the attribute mapping and roles.

Attribute Mapping and Roles

  1. On your Okta account, navigate to Directory and select Groups. Click Add group.

Group Okta

  2. Provide a group name and click Save. Use this group name for attribute mapping.

Group Okta

  3. Navigate to your Okta application. As when adding the user, go to the Assignments tab.

Group Assign

  4. Click Assign and select Assign to groups. Click Assign next to your newly created group and click Done.

Group Okta

  5. Click on your group and click Assign People. Assign (+) the user you created in the first part of this guide.

  6. On your Okta application, navigate to the General tab. In the SAML settings, click Edit.

SAML edit

  7. Navigate to Configure SAML and configure the Group Attribute Statements.

SAML Config

Here, we have set the name to group, which we will use as the SAML attribute in the Plerion Platform. The group we created in step 2, testOrgAdmin, starts with test, so we use that as the attribute filter here.

Group Attribute

  8. Click Next and click Finish.

  9. On the Single Sign On page of the Plerion Platform, click Attribute Mapping. Click Email and select Use SAML Name ID.

Attribute Mapping

  10. For Display Name, leave the option unchecked if you want to allow users to choose their own display name. If you want to map the Okta user's first name and last name as the user's display name, check it and configure the attribute statement.

Attribute Mapping

Note: Users can choose their display name by logging into their account and navigating to their profile.

Attribute Mapping

  11. Click Roles. Provide the name group for the SAML attribute.

  12. Click Add Mapping. Provide the name testOrgAdmin. Click (+) to map the Plerion role and select the role. Here, we've selected Organization Admin. Click Save.

Role Mapping

  13. Click Test to check whether the attribute mapping has been configured properly.

Test Mapping

You've successfully configured both Authentication and Authorization.
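To see what the mapping test depends on, the following added example (not Plerion's or Okta's code) parses a constructed, unsigned SAML assertion and reports the NameID format, the audience, and how the values of the group attribute resolve against a role mapping. The SP URL, the user, and the second group testReadOnly are constructed placeholders; the script only inspects the XML and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Values from the guide: SAML attribute "group", group "testOrgAdmin".
ROLE_MAPPING = {"testOrgAdmin": "Organization Admin"}
SP_ENTITY_ID = "https://sp.example.invalid/saml"  # placeholder for the "#1 URL"

# Constructed sample assertion (unsigned; testReadOnly is a made-up second
# group that also matches the "starts with test" filter).
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject>
  <saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="group">
  <saml:AttributeValue>testOrgAdmin</saml:AttributeValue>
  <saml:AttributeValue>testReadOnly</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, attr="group", mapping=ROLE_MAPPING, sp=SP_ENTITY_ID):
    """Report what a role mapping would see. Does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID missing or not in emailAddress format")
    if sp not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not match the SP entity ID")
    groups = [v.text for v in root.findall(
        f".//saml:Attribute[@Name='{attr}']/saml:AttributeValue", NS)]
    if not groups:
        problems.append(f"no '{attr}' attribute in the assertion")
    return {
        "email": name_id.text if name_id is not None else None,
        "roles": sorted({mapping[g] for g in groups if g in mapping}),
        "unmapped_groups": [g for g in groups if g not in mapping],
        "problems": problems,
    }


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```

Groups listed under unmapped_groups pass the Okta filter but have no entry in the mapping table, which is worth reviewing whenever the filter is broader than the set of roles you intend to grant.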

Access Plerion Platform via Okta

You can use the URL from the Okta Application -> General Tab -> App Embed link section to access the application.

App link

You can now access the Plerion Platform using the email and password for your newly created user account via Okta. Here, you will be logged in as an Organization Admin. You can create different groups in Okta and map each one to a different role in the Plerion Platform.