Skip to main content

Privacera Documentation

Okta setup for SAML-SSO on PrivaceraCloud

Okta is a third-party identity provider, offering single sign-on (SSO) authentication and identity validation services for a large number of Software-as-a-Service providers. PrivaceraCloud works with Okta's SAML (Security Assertion Markup Language) interface to provide an SSO/Okta login authentication to the PrivaceraCloud portal. For more information, see Okta setup for SAML-SSO on PrivaceraCloud.

Integration with Okta begins with configuration steps in the Okta administrator console. These steps also generate a PrivaceraCloud account-specific identity_provider_metadata.xml file and an Identity Provider URL that are used in the PrivaceraCloud Okta/SSO configuration steps.

Note

To use Okta SSO with PrivaceraCloud, you must have already established an Okta SSO service account. The following procedures require Okta SSO administrative login credentials.

Generate an Okta Identity Provider Metadata File and URL

  1. Log in to your Okta account as the Okta SSO account administrator.

  2. Select Applications from the left navigation panel, then click Applications subcategory.

  3. From the Applications page, click Create App Integration.

    Note

    In addition to creating new applications you can also edit existing apps with new configuration values.

  4. Select SAML 2.0, then click Next.

  5. In General Settings, provide a short descriptive app name in the App name text box. For example, enter Privacera Portal SAML for SAML-SSO. Or, SaaS SAML RelayState for an IDP initiated SSO with RelayState.

  6. Click Next.

  7. In the SAML Settings configuration page, enter the values as shown in the following table:

    Field

    Value

    Single sign on URL

    https://yourhostname.com/SingleSignOnService/receiveResponse

    Audience URI (SP Entity ID)

    privacera_portal

    Default RelayState

    If you choose to enlist this feature it will be your 14-digit PrivaceraCloud Account ID number

    Name ID format

    Unspecified

    Application username

    Okta username

    UserID

    user.login

    Email

    user.email

    Firstname

    user.firstName

    LastName

    user.LastName

    The Default RelayState value identifies a specific application resource in an IDP initiated SSO scenario. In most cases this field will be left blank.

  8. Click Next.

  9. Select the Feedback tab and click I'm an Okta customer adding an internal app.

  10. Click Finish.

  11. From the General tab, scroll down to the App Embed Link section. Copy the Embed Link (Identity Provider URL) for PrivaceraCloud.

IdP provider metadata

In this topic, you will learn how to generate and save IdP provider metadata in XML format.

  1. Go to Sign On tab.

    > Settings, select the Identity Provider Metadata link located at the bottom of the Sign on methods area. The configuration file will open in a separate window.

  2. In the SAML Signing Certificates section, click the Generate new certificate button.

  3. In the list, click the Actions dropdown and select View IdP metadata.

    The XML file will be opened in a new tab.

    Note

    Make sure that the certificate you are downloading has an active status.

  4. Save the file in XML format.

Idp initiated SSO

  1. From Applications, login to the Okta Home Page Dashboard as a user by selecting the Okta Dashboard icon.

  2. Login toPrivaceraCloud by selecting the newly added app icon.