search

Set up Okta for SSO

Set up seamless Single Sign-On (SSO) integration between Okta and Private Cloud Director (PCD) using SAML 2.0. This guide walks you through configuring Okta, managing user assignments, and verifying s

Set up Single Sign-On (SSO) integration between Okta and Private Cloud Director (PCD). You will configure an Okta SAML 2.0 application and connect it to your PCD deployment for seamless user authentication.

circle-info

NOTE

Only 5 active applications are allowed in Okta. Deactivate unused applications before creating new integrations.

hashtag
Step 1: Create Okta SAML application

This step guides you through creating a new SAML 2.0 application integration in Okta.

  1. Log in to your Okta server and navigate to Applications. Verify you have fewer than 5 active applications. If needed, deactivate unused applications.

  2. Select Create App Integration.

  1. Select SAML 2.0 as the sign-on method.

  1. Select Next to proceed to the general settings.

hashtag
Step 2: Configure SAML settings

Configure the basic SAML integration settings for your PCD deployment.

  1. On General Settings, enter a descriptive application name.

  2. Select Next to proceed to SAML configuration.

  1. In Configure SAML, enter the following required information:

circle-info

NOTE

Replace <FQDN>with your PCD environment without any regions. Use IDP1 for the default domain, or substitute your specific domain name for <DOMAIN_NAME> .

Field
Description

Single sign-on URL

https://<FQDN>/sso/<DOMAIN_NAME>/Shibboleth.sso/SAML2/POST<br> Example: https://test-du-testbed-only-3950700.app.qa-pcd.platform9.com/sso/IDP1/Shibboleth.sso/SAML2/POST

Use this for Recipient URL and Destination URL

Select this checkbox

Audience URI (SP Entity ID)

https://<FQDN>/keystone<br> Example: https://test-du-testbed-only-3950700.app.qa-pcd.platform9.com/keystone

Default RelayState

Leave blank

Name ID format

EmailAddress

Application Username

Okta Username

Update application username on

Create and update

hashtag
Step 3: Set up attribute statements

Add attribute statements to pass user information from Okta to PCD .

  1. Optionally, you can choose to update the Attribute Statements by adding the following mappings.

Name
Name Format
Value

FirstName

Unspecified

user.firstName

LastName

Unspecified

user.lastName

Email

Unspecified

user.email

  1. Select Next to continue.

  2. In Feedback, select Finish to complete the application setup.

You will be redirected to the application Sign On Settings, which displays the Issuer and Metadata URL needed for PCD configuration.

hashtag
Step 4: Assign users to the application

Grant users access to the SAML application in Okta.

  1. Navigate to the Assignments tab in your application.

  2. Select Assign, then select Assign to People.

  3. Select the users to give access to PCD through SSO.

  4. Choose Assign to complete the user assignment.

The Okta configuration is now complete.

hashtag
Step 5: Configure SSO in PCD

Connect your PCD deployment to the Okta SAML application.

  1. Log in to your PCD deployment using the DU FQDN for your target region.

  2. Navigate to Settings > Enterprise SSO.

  3. Select Enable SSO.

  1. Select Okta as your SSO Provider.

  2. Copy the Issuer from your Okta application Sign On and paste it in the Entity ID field.

  3. Copy the Metadata URL from your Okta application Sign On tab and paste it in the SAML Metadata URL field.

  4. Add the following XML configuration in the SSO Provider Attribute MAP field:

  1. Select Save to create the configuration.

You will see a confirmation message as SSO configuration saved.

hashtag
Step 6: Create SAML groups and mappings

Set up SAML groups to manage user permissions and role assignments in PCD.

  1. Create a new SAML group with the following settings:

Field
Value

Name

Enter a descriptive group name

Description

Provide a clear description

SAML Attribute Key for User's First Name

FirstName

SAML Attribute Key for User's Last Name

LastName

SAML Attribute Key for User's Email

Email

  1. Add a group mapping with these configurations.

Field
Value

SAML Group Attribute

Email

Criteria

Any one of

SAML Group Values

Enter email addresses that match user assignments in your Okta application (for example: [email protected], [email protected])

  1. Assign roles and tenants from Tenants & Roles, by configuring the following.

Role
Description

Admin

Full administrative access

SSU (Self-Service User)

Limited self-service access

ReadOnly

View-only access

  1. Select Add group to complete the SAML group setup.

hashtag
Step 7: Verify the SSO integration

Verify if your Okta SSO integration works correctly.

  1. Log out of your current PCD session.

  2. Navigate to your PCD environment URL to initiate a new login.

  3. The system redirects you to Okta for authentication.

  4. Enter your Okta credentials and complete any required multi-factor authentication (MFA).

Upon successful authentication, Okta redirects you back to PCD with the appropriate user permissions.

You have now successfully configured Okta SSO for PCD. Users can now access PCD using their Okta credentials with seamless single sign-on authentication.

PreviousSet up Microsoft Entra ID for SSONextPCD CLI - pcdctl

Last updated

Was this helpful?