Skip to main content

Okta

Configuring Okta Integration with the Vega Platform

Overview

This guide provides detailed steps to configure Okta Single Sign-On (SSO) with the Vega Platform. Follow these instructions to ensure a seamless integration process.

Prerequisites

  • Access to Vega Platform with admin privileges. To manage federated authentication, you must have org_owner, org_global_admin, or manager access to your Vega Organization that is delegating federation settings to the instance.
  • Access to Okta Admin Dashboard.

Terms and Definitions

  • Service Provider (SP): The entity providing the service that users want to access (in this case, the Vega Platform).
  • Identity Provider (IDP): The entity responsible for authenticating users and providing identity information (in this case, Okta).
  • Single Sign-On (SSO): A session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.

Step-by-Step Instructions

1. Configure SSO in the Vega Platform

  1. Log into the Vega Platform:

    • Navigate to the Settings page.
    • Click on the "Single Sign-On" tab.

  2. Initiate Okta Configuration:

    • Click the Okta logo.
    • Click the “Next Step” button.

  3. Fill Out SSO Configuration Form:

    • Configuration Name/Alias: Provide a unique alias (no spaces allowed).
    • Display Name: Enter a user-friendly name (spaces allowed).
    • Issuer URI: Click "Fill With Placeholder Values".
    • Single Sign-On URL: This field auto-fills with placeholder values.
    • Request Binding: Select "HTTP Post".
    • Response Signature Algorithm: Select "SHA256".
    • Identity Provider Signature Certificate: Upload the certificate if required.
    • Click the “Create” button to save the configuration.

    NOTE: The placeholder values will be replaced with real values later in the instructions in Step 3.2

  4. Expand Configuration Details:

    • Stay in the Single Sign-On settings tab.
    • Find and expand the newly created configuration.
    • Note the two sections: "Settings Required for the SSO Configuration within the Vega Platform" and "Settings and Configuration Data for SSO Provider".

2. Set Up Okta Integration

  1. Log into Okta Admin Dashboard:

    • Open a new browser tab.
    • Navigate to the Okta Admin Dashboard.

  2. Create New App Integration:

    • From the left side menu, select “Applications” and then “Applications” sub-menu.
    • Click “Create App Integration”.
    • Select “SAML 2.0” as the sign-in method.
    • Click “Next”.

  3. Configure SAML Settings:

    • App Name: Enter the desired app name. Click "Next".
    • Single Sign-On URL: Copy from Vega Platform and paste here.
    • Check "Use this for Recipient URL and Destination URL".
    • Audience URI: Copy from Vega Platform and paste here.
    • Name ID Format: Select "Unspecified".
    • Application Username: Select "Email".
    • Update Application Username On: Select "Create and Update".

  4. Advanced Settings:

    • Click "Show Advanced Settings".
    • Response: Select "Signed".
    • Assertion Signature: Select "Signed".
    • Signature Algorithm: Select "RSA-SHA256".
    • Digest Algorithm: Select "SHA256".
    • Assertion Encryption: Select "Unencrypted".

  5. Attribute Statements:

    • Add three attributes as follows:
      • firstName: Format "Unspecified", Value "user.firstName".
      • lastName: Format "Unspecified", Value "user.lastName".
      • email: Format "Unspecified", Value "user.email".
    • Ensure the attribute names are case-sensitive.

  6. Group Attribute Statements (if applicable):

    • Name: memberOf
    • Name Format: Unspecified
    • Filter: Matches regex
    • Value: .*

  7. Finish App Integration:

    • Click “Next”.
    • On the feedback tab, select appropriate options (e.g., "I'm an Okta Customer adding an internal app").
    • Click “Finish”.

3. Finalize SSO Configuration

  1. Retrieve Okta SSO Details:

    • In Okta, navigate to the newly created application.
    • Click “Sign On”.
    • Click “View SAML setup instructions”.

  2. Complete Vega SSO Configuration:

    • Copy Identity Provider Single Sign-On URL from Okta and paste into the Vega Platform Single sign-on URL field.
    • Copy Identity Provider Issuer from Okta and paste into the Vega Platform Issuer URI field.
    • Click the “Save” button in the Vega Platform.

  3. Test SSO Integration:

    • Log out of the Vega Platform.
    • Log back in using SSO via https://<your-slug>.vegacloud.io or through the Okta Portal.

Support

If you encounter any issues or need further assistance, please contact Vega Platform Support at support@vegaplatform.com.

By following these steps, you should have successfully configured Okta SSO with the Vega Platform. Ensure all steps are completed accurately to avoid any configuration issues.