Single Sign-On (SSO) Integration with Okta

This post is based on a source article by Anabel Perez (link).

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g. name and password) to access multiple applications.

Okta is the foundation for secure connections between people and technology. It’s a service that gives employees, customers and partners secure access to the tools they need to do their most important work. (Okta FAQ: https://www.okta.com/faq/)

If a user already exists in Okta, SSO can be used to authenticate that user in CentreStack.

The following guide should help you integrate Okta SSO into your CentreStack installation (https://www.centrestack.com/).

1. CentreStack Single Sign-On URL
Single Sign-On information is located in two places:
  • From the Cluster Management Console, go to the Control Panel view and choose Single Sign-On.
  • From the Tenant Management Console, go to the Group Policy view, and choose Single Sign-On settings there.
  • In the Single Sign-On view, copy the link under “Access service provider meta data using the following link:” and check the box under “Enable SAML Authentication”.
  • This link, or Entity ID, will be used on the Okta configuration page in the next step.

2. General settings
In the Okta web portal, specify the following settings:
  • a. Single Sign On URL and Audience URI (SP Entity ID)
    • Use the Entity ID value copied in the step above. (Make sure to enable the option: Use this for Recipient URL and Destination URL)
  • b. Name ID Format
    • EmailAddress
  • c. Response
    • Unsigned
  • d. Signature Algorithm and Digest Algorithm
    • SHA1 (This provides the most compatibility because CentreStack was developed on Microsoft’s .NET platform)

3. Creating Attributes
In the Attribute Statements section, create three attributes to match the three parameters defined on the CentreStack SSO configuration page:
  • a. user
    • email (IdP Email Parameter)
  • b. user
    • firstname (IdP Given Name Parameter)
  • c. user
    • lastname (IdP Surname Parameter)

4. Identity Provider (IdP) Information
Once all the settings are filled in and the SAML 2.0 application is created in Okta, access the “Sign On” tab and click on “View Setup Instructions”.

Take the following two settings from this page and copy them to the SSO configuration on the CentreStack side.
  • a. Identity Provider Single Sign-On URL (IdP End Point URL)
  • b. Provide the following IDP metadata to your SP provider (IdP Meta Data)

5. How to log in
After applying the changes in the SSO page in the CentreStack web portal, you can test the integration.
  • a. From CentreStack
    • On the CentreStack login page, you will see the Okta Single Sign On text. When you click it, you will log in at Okta and be redirected back to CentreStack to access your data.
  • b. From Okta
    • Once you are logged in on the Okta website, you can see all of the connected applications. Click the CentreStack application to access your data on CentreStack.
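
As an added example (not part of the original article, and not CentreStack or Okta code), the Python script below checks a decoded SAML Response captured during the test login against the settings from steps 2 and 3. The sample response, the example.com URLs, the attribute names email, firstname and lastname, and the signed assertion are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SP = "https://centrestack.example/sp-metadata"  # placeholder for the step 1 Entity ID

# Constructed, trimmed sample of a decoded Response (no Issuer, no signature values).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}" Destination="{SP}">
 <a:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <a:Subject><a:NameID Format="{EMAIL_FMT}">alice@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{SP}"/></a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{SP}</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="email"><a:AttributeValue>alice@example.com</a:AttributeValue></a:Attribute>
   <a:Attribute Name="firstname"><a:AttributeValue>Alice</a:AttributeValue></a:Attribute>
   <a:Attribute Name="lastname"><a:AttributeValue>Doe</a:AttributeValue></a:Attribute>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def _alg(assertion, path):
    """Short algorithm name from an Algorithm URI, or None when the element is absent."""
    el = assertion.find(path, NS)
    return el.get("Algorithm").split("#")[-1] if el is not None else None

def audit(xml_text, sp_entity_id):
    """Compare a decoded Response with the settings; this does NOT verify the signature."""
    resp = ET.fromstring(xml_text)
    asrt = resp.find("a:Assertion", NS)
    nameid = asrt.find("a:Subject/a:NameID", NS)
    conf = asrt.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    names = {a.get("Name") for a in asrt.iterfind("a:AttributeStatement/a:Attribute", NS)}
    return {
        "response_signed": resp.find("ds:Signature", NS) is not None,
        "assertion_signed": asrt.find("ds:Signature", NS) is not None,
        "signature_alg": _alg(asrt, "ds:Signature/ds:SignedInfo/ds:SignatureMethod"),
        "digest_alg": _alg(asrt, "ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod"),
        "nameid_is_email": nameid is not None and nameid.get("Format") == EMAIL_FMT,
        "audience_ok": [e.text for e in asrt.iterfind(".//a:Audience", NS)] == [sp_entity_id],
        "recipient_ok": conf is not None and conf.get("Recipient") == sp_entity_id,
        "destination_ok": resp.get("Destination") == sp_entity_id,
        "missing_attrs": sorted({"email", "firstname", "lastname"} - names),
    }
```

Call `audit(SAMPLE, SP)` to see the report for the constructed sample. If both `response_signed` and `assertion_signed` come back False, nothing in the message is signed.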