search

Authentication Saml Connector

Platform9 supports Single Sign On with Okta. This tutorial describes the procedure for configuring Platform9 as Okta application. Once the application is configured, you can follow these stepsarrow-up-right to grant your Okta users access to the Platform9 cloud.

hashtag
Step 1: Create a New SAML Connector

After logging in as admin, search for "Template SAML 2.0 App". This app is deprecated by Okta, however it works with Platform9.

hashtag
Step 2: Configure SAML Connector

Give your application connector a suitable label as shown below.

hashtag
Step 3: Configure Okta Connection Settings

  1. Post Back URL: Set it to https:///Shibboleth.sso/SAML2/POST

  2. Name ID Format: Leave it as is.

  3. Recipient: Set it to https:///Shibboleth.sso/SAML2/POST

  4. Audience Restriction: Set it to https:///keystone

  5. authnContextClassRef: Leave it as is.

  6. Response: Leave it as is.

  7. Assertion: Leave it as is.

  8. Request: Leave it as is.

  9. Destination: Set it to https:///Shibboleth.sso/SAML2/POST

  10. Default Relay State: Set it to https:///clarity/#/signin/sso

  11. Attribute Statements: Configure as needed. These are the attributes which show up as part of SAML assertion posted to the Platform9 environment. They can be used to create mappings in OpenStack. These mappings provide a way to associate Okta users to resources in OpenStack. At a minimum, the attributes FirstName and LastName of the user are needed.

That is it! Once you grant permissions to Okta users as described herearrow-up-right, they can start using Platform9 based OpenStack cloud right away.

PreviousAuthentication Saml AdfsNextAuthentication Saml Gsuite

Last updated

Was this helpful?