Okta SAML Integration
This document covers the setup of the SAML (Security Assertion Markup Language) federation between Nile (Okta) as a Service Provider (SP) and Okta as an Identity Provider (IdP).
Prerequisites
- Administrator rights to the Nile Portal.
- Administrator rights to Okta.
- The same Nile Portal administrator needs to be an Okta user.
Okta App Integration
1. Log in to your Okta portal.
2. Go to the Applications > Applications page.
3. Click the Create App Integration button.
4. In the Create a new app integration dialog, select SAML 2.0:
5. In the Create SAML Integration form, enter an appropriate name for the application and click Next:
6. In the SAML Settings section, fill out dummy placeholders for the 'Single sign on URL' and 'Audience URI' (they are replaced with the real values from the Nile Portal metadata later):
7. Scroll down the same page and add 'Attribute Statements' for the following, as per the illustrated screenshot:
   - firstName
   - lastName
   - displayName
   - mail
   - mobile
8. Scroll down further on the same page and add 'Group Attribute Statements' as shown in the screenshot:
   Note: An Okta group named 'NileAdmin', assigned to both the user and the application, has been created beforehand so that it is returned as the value of the 'memberOf' attribute.
9. Click Next and select the following options to finish the setup:
10. Go to the Assignments tab and assign users and groups to the application to complete the App Integration setup:
11. Go to the Sign On tab on the same page and click the View SAML setup instructions button to display the parameters that will be used in the Nile Portal provider configuration:
12. Take note of the following Identity Provider URLs and then click on the Download certificate button to save the X.509 certificate:
    IdP Single Sign-on URL: https://dev-33770651.okta.com/app/dev-33770651_nileoktasamlapp_1/exk6ujkvecEQz9YKb5d7/sso/saml
    IdP Issuer: http://www.okta.com/exk6ujkvecEQz9YKb5d7
13. Go to the next section to collect the parameters needed by the Okta app, and complete the Nile Portal configuration.
Nile Portal Provider Configuration
1. Log in to the Nile Portal at https://www.nile-global.cloud with the same Okta administrator, and navigate to the Settings -> Global Settings -> Identity page:
2. Click on ADD A NEW PROVIDER and fill out the form as follows:
   - Name: OKTA SSO
   - IdP Issuer URI: IdP Issuer from step 12
   - IdP SSO URL: IdP Single Sign-on URL from step 12
   - Destination URL: IdP Single Sign-on URL from step 12
3. On the same form, click on SELECT CERTIFICATE to upload the okta.cert certificate downloaded earlier.
   Note: You may have to change the upload file type to "all files" in order to get the certificate file uploaded.
4. Click the SUBMIT button to complete adding the Okta provider:
5. Click the Group Rules tab to proceed with group mapping:
6. Click the ADD GROUP MAPPING button to configure the group mapping attribute:
7. Fill out the form as shown below to set up the group mapping attribute and click the SAVE button:
8. Add two group rules that assign a Nile Portal group to the user by evaluating the 'memberOf' attribute value carried in the SAML assertion:
9. Click the ADD GROUP RULE button to display the ADD rule form and fill it out:
   - Name: An appropriate name
   - Mapping Value: Okta group name sent in the 'memberOf' attribute
   - Assigned groups: Nile Portal 'Administrator' and 'Monitor' groups
10. Click SAVE to complete the rules addition:
11. Activate the group rules by clicking the INACTIVE button:
12. Go to the Providers tab, click the down-arrow button on the right side of the created identity provider bar, and click the METADATA download button at the bottom to download the metadata file. Use the information in it to complete the Okta app creation:
13. Search the Metadata.xml file for the entityID and Location string values. In this example (you will need to copy and paste these two URLs in the next step):
    Location = "https://login.u1.nile-global.cloud/sso/saml2/0oa6ukka1wsFVvTQr5d7"
    entityID = "https://www.okta.com/saml2/service-provider/spxwtsbbcwrugshwfckm"
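To see what the Okta attribute statements and the Nile Portal group rules above actually operate on, the following added example (not Nile or Okta code) parses a constructed SAML assertion carrying the five attributes plus 'memberOf', reports any attribute the Okta app failed to emit, and applies a rule table of the form the guide configures. The 'NileAdmin' group name comes from the guide; the second group 'NileMonitor' and the sample user values are assumptions.

```python
"""Inspect a SAML assertion's attribute statements and apply memberOf group rules.
Added example for this guide; not Nile or Okta code. The assertion is constructed
and the rule table is modelled on the guide ('NileMonitor' is hypothetical)."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute statements configured on the Okta app in this guide.
REQUIRED_ATTRIBUTES = ("firstName", "lastName", "displayName", "mail", "mobile")
GROUP_ATTRIBUTE = "memberOf"

# Group rules as configured in the Nile Portal: Mapping Value -> assigned Nile group.
# 'NileAdmin' is from the guide; 'NileMonitor' is an assumed second Okta group.
GROUP_RULES = {
    "NileAdmin": "Administrator",
    "NileMonitor": "Monitor",
}

# Constructed assertion fragment (signature omitted) carrying the attributes above.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://www.okta.com/exk6ujkvecEQz9YKb5d7</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Ada Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mobile"><saml:AttributeValue>+1-555-0100</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
      <saml:AttributeValue>NileAdmin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def missing_attributes(attrs):
    """Names from the Okta attribute statements that the assertion did not carry."""
    return [name for name in REQUIRED_ATTRIBUTES if not attrs.get(name)]


def assign_groups(attrs, rules=GROUP_RULES):
    """Apply the group rules: every memberOf value equal to a rule's Mapping Value
    adds that rule's Nile group. Values without a rule (e.g. 'Everyone') are ignored,
    so a user with no matching group ends up with no Nile Portal group at all."""
    groups = []
    for value in attrs.get(GROUP_ATTRIBUTE, []):
        group = rules.get(value)
        if group and group not in groups:
            groups.append(group)
    return groups


if __name__ == "__main__":
    attrs = parse_attributes(SAMPLE_ASSERTION)
    print("missing attributes:", missing_attributes(attrs))
    print("assigned Nile groups:", assign_groups(attrs))
```

The script only looks at the attribute statement; it assumes the Service Provider has already validated the response signature against the uploaded okta.cert and checked the Issuer and Audience before the attributes are trusted. Running it against an assertion captured from a browser SAML tracer is a quick way to confirm that 'memberOf' really carries the Okta group name the rule's Mapping Value expects.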
Replacing the Dummy Entries in the Okta App
1. Go back to the Okta portal and open the Nile-Okta-SAML-app:
2. Click the Edit button and replace the dummy entries as follows:
   - Single sign on URL: the Location value from the metadata file
   - Audience URI: the entityID value from the metadata file
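Rather than searching Metadata.xml by hand, the two values can be pulled out of the SP metadata programmatically. The following added example (not Nile or Okta code) parses a constructed, minimal metadata document built from the URLs shown in this guide, returns the 'Single sign on URL' (the HTTP-POST AssertionConsumerService Location) and 'Audience URI' (the entityID), and reports which of the app's currently configured values still hold the dummy placeholders. The placeholder values in the usage block are assumptions.

```python
"""Derive the Okta app's 'Single sign on URL' and 'Audience URI' from the Nile Portal
SP metadata. Added example for this guide; not Nile or Okta code. The metadata below
is a constructed minimal stand-in for the downloaded Metadata.xml (certificate omitted)."""
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.okta.com/saml2/service-provider/spxwtsbbcwrugshwfckm">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAssertionsSigned="true">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.u1.nile-global.cloud/sso/saml2/0oa6ukka1wsFVvTQr5d7"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def okta_settings_from_metadata(metadata_xml):
    """Return the values to enter on the Okta app's SAML Settings page:
    'Single sign on URL' = the HTTP-POST ACS Location, 'Audience URI' = entityID."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID")
    acs_locations = [
        acs.get("Location")
        for acs in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
        if acs.get("Binding") == POST_BINDING
    ]
    # Refuse to guess if the SP advertises zero or several POST endpoints.
    if len(acs_locations) != 1:
        raise ValueError(f"expected exactly one HTTP-POST ACS, found {len(acs_locations)}")
    return {"Single sign on URL": acs_locations[0], "Audience URI": entity_id}


def settings_mismatch(configured, expected):
    """Names of Okta settings whose configured value differs from the metadata,
    i.e. the entries that still need to be replaced on the Edit form."""
    return [name for name, value in expected.items() if configured.get(name) != value]


if __name__ == "__main__":
    expected = okta_settings_from_metadata(SAMPLE_METADATA)
    # Assumed dummy placeholders entered when the Okta app was first created.
    dummy = {"Single sign on URL": "https://placeholder.example/sso",
             "Audience URI": "placeholder"}
    for name, value in expected.items():
        print(f"{name}: {value}")
    print("still to replace:", settings_mismatch(dummy, expected))
```

The same function works on the real Metadata.xml (read the file and pass its contents); the one-POST-endpoint check is there so a typo-free but surprising metadata file fails loudly instead of silently picking the wrong Location.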
PSK SSO SSID Creation
1. Log in to the Nile Portal.
2. Go to the Settings -> Wireless page to create the PSK SSO SSID:
   - Select the 'Personal' radio button
   - Type the desired SSID name
   - Select the Security option
   - Check the 'Enable SSO' box
   - Enter the Pre-shared key
   - Select the previously created PSK-SSO segment
3. Click the SAVE button to complete the PSK-SSO SSID creation.