How to enroll Flex Appliance as a service provider to Okta

Article: 100054009
Last Published: 2022-12-19
Ratings: 0 0
Product(s): Appliances


To enroll Flex Appliance as a service provider to Okta

  1. Sign in to the Okta Administrator console with administrator privileges.
  2. Under the Applications menu, click Applications.
  3. Click Create App Integration to start the Application Integration Wizard.
  4. Select SAML 2.0 as the Sign-in method and click Create.
  5. Enter a name for the appliance. For example, Veritas Flex Appliance.
  6. Enter the Single sign on URL as https://<flex appliance>/api/v1/single-signon/acs 
    and the Audience URI (SP Entity ID) as https://<flex appliance>/api/v1/single-signon/metadata.
  7. (Optional) Veritas recommends that you enable encryption for assertions. To do so, perform the following steps:
    1. Refer to to obtain the Flex Appliance authservice certificate in PEM format.
    2. Convert the certificate from PEM format to CRT format with the following command: openssl x509 -outform der -in authservice-ca.cert.pem -out veritasflexapp.crt
    3. Expand the Advanced Settings menu and upload the authservice certificate that you downloaded.
    4. Under Advanced Settings > Assertion Encryption, select Encrypted. Upload the Flex Appliance auth service certificate to specify the key to encrypt with.
  8. Under Attribute Statements (OPTIONAL), add the names and the values of the Active Directory attributes that you want to provide to the Okta application.
    1. Define the SAML attributes (Value field) that map to the userPrincipalName and the memberOf attributes in the AD or the LDAP directory (Name field).

      Note: When you add the IDP configuration to the Flex appliance, the values that you enter for the User and the Group fields must match the SAML attribute names (Value field) that are mapped to the userPrincipalName and the memberOf attributes in the AD or the LDAP directory (Name field). The userPrincipalName must be in email format.

      Attribute mappings map SAML attributes in the SSO with the corresponding attributes in the AD or the LDAP directory. The SSO attribute mappings are used to generate SAML responses, which are sent to the Flex Appliance.
  9. Click Next. On the Feedback page, select Help Okta Support understand how you configured this application.
  10. Select I'm an Okta customer adding an internal app and click Finish.
  11. On the Applications detail page, download the IDP metadata XML, which is required to configure the IDP on the appliance.
  12. On the Assignments tab, click Assign and select Assign to People or Assign to Groups.
  13.  Select the user and assign the required Access Control Policies. Select the user or the group and click Save and Go Back. Click Done
  14. Define the Access Control Policy by selecting the user groups based on the requirement of your organization.

To obtaining the Okta IDP metadata

  1. Navigate to Applications > Applications and select Sign On.
  2. Scroll down to SAML Signing Certificates. Find the certificate with an active status. Click Actions > View IdP metadata.
  3. The metadata URL opens in a new tab. Copy it and save it in an XML format. Use this file when you add the Okta IDP on your appliance.



Was this content helpful?