Create a new application in Okta
Import Active Directory (AD) users and groups into Okta
Before you begin
To authenticate with Okta, you need to create an internal application in Okta and configure SAML.
- In Okta, navigate to the Applications tab and click Applications.
- Click Add application > Create new app.
- In the dialog, select SAML 2.0 as the sign on method.
- Click Create.
- In the General Settings, enter an application name and add an optional logo.
- In the App visibility section, make sure the options are deselected so the application is visible to end users within their Okta portals.
- Click Next.
On the SAML Settings page, enter this URL into the Single sign on URL and
Audience URI fields:
where <hostname> is that hostname that you plan to use for the identity provider in ETP. This hostname is used for the URL of the login portal.
- In the Name ID format menu, select EmailAddress.
Click Show Advanced Settings. Apply these
- In the Response menu, select Signed.
- In the Assertion Signature menu, make sure Signed is selected.
- In the Assertion Encryption menu, select Signed.
- In the Authentication context class menu, select PasswordProtectedTransport.
- Do not enter settings into the ATTRIBUTE STATEMENTS (OPTIONAL) area.
In the GROUP ATTRIBUTE STATEMENTS (OPTIONAL) area, enter this information:
In the Group Name field, enter
- Do not specify a group filter. Leave the filter field blank.
- In the Group Name field, enter
- Click Next.
- Confirm that the app you’re creating is internal.
- Click Finish. After the Okta application is created, click the Identity Provider metadata link to download the metadata.xml file.
- Assign imported users or groups
to the application your created:
- In the Assignment tab of the application you added, click Assign.
- Select Assign to People or Assign to Groups.
- Enter the people or groups that you want to authenticate with the Okta IdP.
- Click Assign.
- Verify the attributes, and click Save and Go Back.
- Click Done.
- Add Okta as an identity provider