Okta single sign-on

This guide will walk you through the steps of setting up Okta Single Sign-on (SSO) with the Plerion Platform. By the end of this guide, you will have successfully configured SSO and Authorization for your application.

​

Setting up your application on Okta

1. Sign in to your Okta Account
2. Once logged in, navigate to Applications and select Create App Integration

3. Select SAML 2.0 and Click Next

4. Provide an App Name and Click Next

5. On Plerion Protection Platform, Navigate to Admin -> Security -> Single Sign-On, and copy the #1 URL

6. On Okta, paste the copied URL in the Single Sign-On URL and Audience URI (SP Entity ID) fields

7. Select Name ID Format as Email Address
8. For Attribute Statement provide the input and select Next.

9. Select your preference and click Finish

​

Add User to your Okta Application

1. On your Okta Account, navigate to Directory and select People. Click on Add Person to add your user.

2. Provide all inputs and click Save

3. Navigate to the Okta Application you’ve recently created. In the Assignments tab, Select Assign drop-down and select Assign to People. Assign the newly created user and click Done.

​

Single Sign-On Configuration on the Plerion Platform

1. Navigate to your application and Click on Sign-on. On the right-hand side, Click View SAML Setup Instructions

2. Copy the Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate

3. Navigate to Plerion Platform -> Admin -> Security -> Single Sign-On and paste the values copied above to the fields in Step 2.

4. Click on Test to see if you’ve successfully connected and configured. A pop-up window will appear where you can sign in using the new user you’ve created in the Okta Application.

Congratulations! You’ve successfully configured your SSO configuration.

​

Attribute Mapping and Roles

1. On your Okta Account, Navigate to Directory and select Groups. Click on Add group.

2. Provide a group name and Click Save. Use this group name for attribute mapping.

3. Navigate to your Okta Application. Similar to Adding User, Go to the Assignments tab.

4. Click Assign and Select Assign to groups. Click Assign to your newly created group and Click Done.

5. Click on your Group and Click Assign People. Assign (+) the user you’ve created in the first part of this guide.
6. On your Okta Application, navigate to the General tab. On the SAML settings, Click Edit.

7. Navigate to Configure SAML and configure the Group Attribute Statements.

Here, we have added the name as group which we will use as a SAML attribute in the Plerion Platform. Also, we’ve created a group in step 2 testOrgAdmin which starts with test. We will be using the same attribute filter here.

8. Click Next and Click Finish.
9. On the Single Sign-On Page of the Plerion Platform, Click on Attribute Mapping. Click on Email and select Use SAML Name ID.

10. On Display Name, if you want to allow users to choose their display name then leave this as unchecked. However, if you want to map the Okta user’s first name and last name as the user’s display name, then click on it and configure the attribute statement.

Note: Users can choose their display name by logging into their account and navigating to their profile.

11. Click on Roles. Provide a name group for the SAML attribute.
12. Click on Add Mapping. Provide the name testOrgAdmin. Click on (+) to map the Plerion role. Select the role. Here, we’ve selected Organization Admin. Click Save.

13. Click Test to check if the attribute mapping has been configured properly or not.

You’ve successfully configured for both Authentication and Authorization.

​

Access Plerion Platform via Okta

You can use the URL from the Okta Application -> General Tab -> App Embed link section to access the application. You can now access the Plerion Platform using the email and password for your newly created user account via Okta. Here, you will be logged in as an Organization Admin. You can create your different groups in Okta and map with a different role in the Plerion Platform.