Okta setup
This section explains how to integrate ODM with Okta for SAML single sign-on: Okta issues the SAML assertions and ODM consumes them.
Create Okta SAML app
1. In the Admin Console, go to Applications -> Applications.
2. Click Create App Integration.
3. Select SAML 2.0 as the Sign-in method.
4. General settings
   - App name: specify a name for your app.
5. Configure SAML
   - General
     - Single sign-on URL: https://ODM-HOST/frontend/endpoint/AssertionConsumer
     - Audience URI (SP Entity ID): https://ODM-HOST/frontend/endpoint/SamlSpMetadata
     - Name ID format: EmailAddress
     - Application username: Email
   - Attribute Statements (optional)
     - urn:mace:dir:attribute-def:mail -> user.email
     - urn:mace:dir:attribute-def:givenName -> user.firstName
     - urn:mace:dir:attribute-def:sn -> user.lastName
6. Feedback
   - App type: This is an internal app that we have created
7. Click Finish.
8. You'll be redirected to the Sign On page.
   - In the SAML Signing Certificates section, generate a new certificate or download an existing one. It will be needed for configuring ODM.
Certificate preparation
You need to create the necessary certificates for ODM.
1. Prepare the Okta signing certificate
   - In the Sign On page step of the previous section, you downloaded the Okta signing certificate.
   - Convert it to idp.key.
   - Convert idp.key to base64 format.
2. Create new certificates for ODM
   - Generate sp_x509_pem.crt. ODM-HOST is the server name without http/https, for example odm.example.com.
   - Generate sp_pkcs8_der.key.
   - Convert sp_x509_pem.crt to base64 format.
   - Convert sp_pkcs8_der.key to base64 format.
3. Update the Helm chart with the provided information.

Now you can configure ODM to use Okta for SAML single sign-on. You can find configuration examples in the Helm chart.
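The following script is an added example, not code from the ODM documentation or its Helm chart. It carries out the "Create new certificates" steps above with standard openssl commands: it generates sp_x509_pem.crt (self-signed X.509, PEM, CN set to the ODM host) and sp_pkcs8_der.key (unencrypted PKCS#8, DER), base64-encodes both as single lines, and then checks that the certificate's CN matches the host, that the DER key really belongs to the certificate, and that the base64 copy decodes back to the same certificate before anything is pasted into the chart. The same encode_for_helm function can be applied to idp.key. The ODM_HOST value, the 365-day validity, the output directory and the function names are assumptions of this example; replace the host with your real ODM server name without http/https.

```shell
#!/bin/sh
# Added example (not from the ODM documentation or Helm chart): generate the SP
# certificate and PKCS#8 key with the file names the page uses, base64-encode
# them for the Helm chart, and verify the pair before it is deployed.
# Assumptions: openssl and base64 are on PATH; ODM_HOST defaults to the page's
# example host and must be replaced with your real ODM host (no scheme).
set -eu

# Encode any file (idp.key, sp_x509_pem.crt, sp_pkcs8_der.key) as a single
# base64 line, the form a Helm values file expects.
encode_for_helm() {
  base64 "$1" | tr -d '\n'
}

# Generate sp_x509_pem.crt (self-signed X.509, PEM, CN = ODM host) and
# sp_pkcs8_der.key (unencrypted PKCS#8, DER) in directory $2.
generate_sp_material() {
  host="$1"
  dir="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$host" \
    -keyout "$dir/sp_key.pem" -out "$dir/sp_x509_pem.crt" 2>/dev/null
  openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
    -in "$dir/sp_key.pem" -out "$dir/sp_pkcs8_der.key"
  rm -f "$dir/sp_key.pem"   # only the DER key is handed to the chart
  encode_for_helm "$dir/sp_x509_pem.crt" > "$dir/sp_x509_pem.crt.b64"
  encode_for_helm "$dir/sp_pkcs8_der.key" > "$dir/sp_pkcs8_der.key.b64"
}

# Sanity check before updating the chart: the certificate's CN is the ODM host,
# the DER key is readable as PKCS#8, the key belongs to the certificate, and the
# base64 copy decodes to the same certificate (compared by SHA-256 fingerprint).
check_sp_material() {
  host="$1"
  dir="$2"
  subject=$(openssl x509 -in "$dir/sp_x509_pem.crt" -noout -subject -nameopt RFC2253)
  case "$subject" in
    *"CN=$host"*) ;;
    *) echo "certificate CN does not match $host: $subject" >&2; return 1 ;;
  esac
  cert_pub=$(openssl x509 -in "$dir/sp_x509_pem.crt" -noout -pubkey)
  key_pub=$(openssl pkey -inform DER -in "$dir/sp_pkcs8_der.key" -pubout)
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; return 1; }
  decoded_fp=$(base64 -d "$dir/sp_x509_pem.crt.b64" | openssl x509 -noout -fingerprint -sha256)
  file_fp=$(openssl x509 -in "$dir/sp_x509_pem.crt" -noout -fingerprint -sha256)
  [ "$decoded_fp" = "$file_fp" ] || { echo "base64 copy does not match certificate" >&2; return 1; }
}

# Usage: sh make_sp_certs.sh run [out-dir]
if [ "${1:-}" = "run" ]; then
  out="${2:-$(mktemp -d)}"
  generate_sp_material "${ODM_HOST:-odm.example.com}" "$out"
  check_sp_material "${ODM_HOST:-odm.example.com}" "$out"
  echo "SP material written to $out (the .b64 files go into the Helm chart)"
fi
```

The check step matters because a mismatched key and certificate, or a certificate whose CN does not name the ODM host, only shows up later as failed SAML signature validation at the Okta side; catching it locally is cheaper than debugging a rejected assertion.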