Okta

this document covers the setup of saml (security assertion markup language) federation between nile (okta) as a service provider (sp) and okta as identity provider (idp), for the purpose of leveraging nile wired and wireless sso requirements administrator rights to the nile portal administrator rights to okta the same nile portal administrator needs to be an okta user configure okta groups sign in to okta portal navigate to directory > groups on the side menu click on add group to add a new group ‘nileadmin’ similarly, add another group called ‘nilemonitor’ okta people navigate to directory > people on the side menu click on add person to add a new user add a person as illustrated edit the person’s profile and add their mobile number, as it is a nile sso requirement that okta users pass the following non empty attributes to nile via saml first name, last name, email and mobile phone assign that person to the ‘nileadmin’ group, only if a nile portal admin access is desired okta app setup sign in back to okta portal navigate to applications > applications page on the side menu click the create app integration button select the saml 2 0 radio button, and click next on the create saml integration page, under general settings , type an app name , and click next, as illustrated under configure saml > saml settings , enter dummy placeholders for the two parameters ‘single sign on url’ and ‘ audience uri’ , as illustrated scroll down the same page and add five (5) attributes under attribute statements firstname, lastname, displayname, mail and mobile , as illustrated scroll down further and add one attribute ‘ memberof ’ under group attribute statements , that contains the string ‘nile’ that will match the okta group ‘nileadmin’ previously created, and click next under feedback , select the illustrated options below and click finish to complete the saml app go to the assignments tab, select ‘nileadmin’ group in groups and click the assign button go to the sign on tab on the same page locate and click on view saml setup instructions to display parameters relevanr to the nile portal provider configuration two actions are to be taken 1\ copy and safeguard the following parameters to be pasted in the upcoming nile portal provider configuration identity provider single sign on url identity provider issuer in this document, a sample of those parameters is provided for illustration only 2\ download the x 509 certificate file by clickin the download certificate button nile portal identity provider setup log in to the nile portal with the same okta administrator at https //www nile global cloud navigate to global settings > identity to access the providers page click on add a new provider to start configuring okta as an idp fill out the 'add a new provider' form from the okta data saved in the previous step idp issuer uri \<identity provider issuer> idp sso url \<identity provider single sogn on url> destination url \<identity provider single sogn on url> idp certificate copy and paste the contents of the x 509 certificate previously downloaded click submit button to complete adding okta as an idp provider click on the metadata button to download the xml metadata file open the downloaded metadata file with a text editor and collect the entityid and location their values will be used to replace the dummy parameters in the okta app and complete its setup for illustration purposes, here is an example of such parameters entityid https //www okta com/saml2/service provider/sptticcpcztszhxuqqqs location https //dev 344858 okta com/sso/saml2/0oa1iwzz0gkku6ndn358 the following steps will configure nile portal group rules to map okta groups to nile portal groups click on the group rules tab, then click on the add group mapping button to create a ‘memberof’ group mapping rule add the ‘memberof' string in both the ‘friendly name’ and ’external name’ fields, and select the ‘type’ as array from the dropdown list, as illustrated click the save button to complete the group mapping click on the add group rule link to start creating group rules create two rules for the nile administrator and nile monitor once the two rules are created, click the inactive button for each rule to change it to active second pass at the okta app setup log in back to the okta portal open the ‘nile okta saml app’ in the general tab, scroll down to the saml settings section and click the edit button in general settings section, click next in configure saml section, replace the dummy entries as follows single sign on url \<nile portal location > check off the option to ‘ use this for recipient url and destination url ’ audience uri \<nile portal entityid > scroll down to the bottom of the page and click next in the feedback section, click finish to complete editing the okta saml app psk sso ssid setup login to nile portal url https //www nile global cloud https //www nile global cloud go to network setup > segments tab page to create the psk sso segment click on the '+' to add a new segment type a meaningful segment name (demo psk sso) click the service area tab and click on select service areas to select the appropriate site and/or building, then click ok to continue select the dhcp server and subnet click the save button to complete the addition of the new segment go to the network setup > wireless page to create the psk sso ssid click on the '+' to add a new ssid select the following type personal (radio button) name type the desired ssid name security select wpa2 from pull down list enable sso click checkbox to checked passkey enter the pre shared key segments select the previously created demo psk sso segment from the pull down list click the save button to complete the psk sso ssid creation