Okta

This document covers the setup of SAML (Security Assertion Markup Language) federation between Nile (Okta) as the Service Provider (SP) and Okta as the Identity Provider (IdP), so that Nile wired and wireless SSO can use Okta identities.

Requirements

  • Administrator rights to the Nile Portal.
  • Administrator rights to Okta.
  • The same Nile Portal administrator needs to be an Okta user.

Configure

Okta Groups

  • Sign in to the Okta portal
  • Navigate to Directory > Groups on the side menu
  • Click Add group and create a new group named ‘NileAdmin’
  • Similarly, add another group named ‘NileMonitor’

Okta People

  • Navigate to Directory > People on the side menu
  • Click Add person to add a new user
  • Fill in the person’s details and save
  • Edit the person’s profile and add their mobile number: Nile SSO requires that Okta pass the following non-empty attributes to Nile via SAML: first name, last name, email and mobile phone
  • Assign the person to the ‘NileAdmin’ group only if Nile Portal admin access is desired.

Okta app Setup

  • Sign back in to the Okta portal
  • Navigate to Applications > Applications on the side menu
  • Click the Create App Integration button
  • Select the SAML 2.0 radio button and click Next
  • On the Create SAML Integration page, under General Settings, type an App name and click Next
  • Under Configure SAML > SAML Settings, enter dummy placeholders for the two parameters ‘Single sign on URL’ and ‘Audience URI’; they are replaced with the Nile Portal values in the second pass later in this document
  • Scroll down the same page and add five (5) attributes under Attribute Statements: firstName, lastName, displayName, mail and mobile
  • Scroll down further and, under Group Attribute Statements, add one attribute named ‘memberOf’ with a filter that matches group names containing the string ‘Nile’ (this matches the Okta groups ‘NileAdmin’ and ‘NileMonitor’ created earlier), then click Next
  • Under Feedback, select the appropriate options and click Finish to complete the SAML app
  • Go to the Assignments tab, select the ‘NileAdmin’ group under Groups and click the Assign button
  • Go to the Sign On tab on the same page. Locate and click View SAML setup instructions to display the parameters relevant to the Nile Portal Provider configuration

  • Two actions are to be taken:

1. Copy and safeguard the following parameters, to be pasted into the upcoming Nile Portal Provider configuration (the values shown in this document are samples for illustration only):
     • Identity Provider Single Sign-On URL
     • Identity Provider Issuer

2. Download the X.509 certificate file by clicking the Download certificate button


Nile Portal Identity Provider Setup

  • Log in to the Nile Portal at https://www.nile-global.cloud as the same administrator who is also an Okta user
  • Navigate to GLOBAL SETTINGS -> Identity to access the Providers page
  • Click ADD A NEW PROVIDER to start configuring Okta as an IdP
  • Fill out the 'Add a new provider' form with the Okta data saved in the previous step:
     • IdP Issuer URI: <Identity Provider Issuer>
     • IdP SSO URL: <Identity Provider Single Sign-On URL>
     • Destination URL: <Identity Provider Single Sign-On URL>
     • IdP Certificate: paste the contents of the X.509 certificate downloaded previously
  • Click the SUBMIT button to complete adding Okta as an IdP provider
  • Click the METADATA button to download the XML metadata file
  • Open the downloaded metadata file in a text editor and collect the entityID and Location values. They will replace the dummy parameters in the Okta app and complete its setup. For illustration purposes, here is an example of such parameters:
     • entityID: https://www.okta.com/saml2/service-provider/sptticcpcztszhxuqqqs
     • Location: https://dev-344858.okta.com/sso/saml2/0oa1iwzz0gkku6ndn358
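Rather than reading the two values out of the metadata by hand, they can be extracted programmatically. The following is an added example (not Nile or Okta code) that parses an SP metadata document and returns the entityID and the HTTP-POST AssertionConsumerService Location; the sample metadata is constructed around the illustrative values quoted above.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (not a real download). The entityID and Location are the
# illustrative values quoted in this guide; real metadata also carries signing certificates.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.okta.com/saml2/service-provider/sptticcpcztszhxuqqqs">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://dev-344858.okta.com/sso/saml2/0oa1iwzz0gkku6ndn358"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_settings(metadata_xml: str) -> dict:
    """Return the two values the second pass of the Okta app setup needs:
    'Audience URI' (the entityID) and 'Single sign on URL' (the HTTP-POST ACS Location)."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata carries no entityID")
    # Only HTTP-POST endpoints are candidates: the IdP posts the SAML response to the SP.
    acs = [e for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
           if e.get("Binding") == HTTP_POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    # Prefer the endpoint flagged isDefault; otherwise take the first POST endpoint.
    chosen = next((e for e in acs if e.get("isDefault") == "true"), acs[0])
    return {"audience_uri": entity_id, "single_sign_on_url": chosen.get("Location")}


if __name__ == "__main__":
    for key, value in sp_settings(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```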



The following steps will configure Nile Portal Group rules to map Okta groups to Nile Portal groups:

  • Click the Group Rules tab, then click the ADD GROUP MAPPING button to create a ‘memberOf’ Group Mapping rule
  • Enter the string ‘memberOf’ in both the ‘Friendly name’ and ‘External name’ fields, and select ARRAY as the ‘Type’ from the dropdown list
  • Click the SAVE button to complete the GROUP MAPPING
  • Click the ADD GROUP RULE link to start creating group rules
  • Create two rules, one for the Nile Administrator and one for the Nile Monitor
  • Once the two rules are created, click the INACTIVE button for each rule to change it to ACTIVE
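To see what the attribute configuration above has to produce for a login to succeed, the following added example (not Nile or Okta code) parses a constructed SAML AttributeStatement of the shape the Okta app emits, checks that the attributes Nile requires to be non-empty are present, and evaluates the ‘memberOf’ array against the two group rules. The role labels "admin" and "monitor" and the NileAdmin-first precedence are assumptions made for the example, not Nile identifiers or documented behaviour.

```python
import xml.etree.ElementTree as ET
from typing import Optional

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
# Attributes this guide says must reach Nile non-empty (displayName is sent but not checked).
REQUIRED_NON_EMPTY = ("firstName", "lastName", "mail", "mobile")
# Assumed role labels; the dict order gives NileAdmin precedence when a user is in both groups.
GROUP_RULES = {"NileAdmin": "admin", "NileMonitor": "monitor"}

# Constructed sample of the AttributeStatement an Okta app configured as above would emit.
SAMPLE_STATEMENT = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2}">
  <saml2:Attribute Name="firstName"><saml2:AttributeValue>Ada</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="lastName"><saml2:AttributeValue>Lovelace</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="displayName"><saml2:AttributeValue>Ada Lovelace</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="mail"><saml2:AttributeValue>ada@example.com</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="mobile"><saml2:AttributeValue>+15555550100</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="memberOf">
    <saml2:AttributeValue>NileMonitor</saml2:AttributeValue>
    <saml2:AttributeValue>NileAdmin</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def parse_attributes(statement_xml: str) -> dict:
    """Map each Attribute Name to its list of stripped values; memberOf is multi-valued (ARRAY)."""
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.findall(f"{{{SAML2}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(f"{{{SAML2}}}AttributeValue")]
        attrs[attr.get("Name")] = values
    return attrs


def missing_required(attrs: dict) -> list:
    """Names of required attributes that are absent or empty; any entry here fails the Nile login."""
    return [name for name in REQUIRED_NON_EMPTY if not any(attrs.get(name, []))]


def nile_role(attrs: dict) -> Optional[str]:
    """Apply the two group rules to the memberOf array; None means no Nile Portal access."""
    groups = set(attrs.get("memberOf", []))
    for group, role in GROUP_RULES.items():
        if group in groups:
            return role
    return None
```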


Second pass at the Okta app Setup

  • Log back in to the Okta portal
  • Open the ‘Nile-Okta-SAML-app’
  • In the General tab, scroll down to the SAML Settings section and click the Edit button
  • In the General Settings section, click Next
  • In the Configure SAML section, replace the dummy entries as follows:
     • Single sign on URL: <Nile Portal Location>
     • Check the option ‘Use this for Recipient URL and Destination URL’
     • Audience URI: <Nile Portal entityID>
  • Scroll down to the bottom of the page and click Next
  • In the Feedback section, click Finish to complete editing the Okta SAML app


PSK-SSO SSID Setup

  • Log in to the Nile Portal at https://www.nile-global.cloud
  • Go to the NETWORK SETUP -> Segments tab to create the PSK SSO segment
  • Click the '+' to add a new segment
  • Type a meaningful segment name (for example, Demo PSK SSO)
  • Click the Service area tab, click SELECT SERVICE AREAS to select the appropriate site and/or building, then click OK to continue
  • Select the DHCP server and Subnet
  • Click the SAVE button to complete the addition of the new segment
  • Go to the NETWORK SETUP -> Wireless page to create the PSK SSO SSID
  • Click the '+' to add a new SSID
  • Select the following:
     • Type: Personal (radio button)
     • Name: type the desired SSID name
     • Security: select WPA2 from the pull-down list
     • Enable SSO: tick the checkbox
     • Passkey: enter the pre-shared key
     • Segments: select the previously created Demo PSK SSO segment from the pull-down list
  • Click the SAVE button to complete the PSK-SSO SSID creation.