Add Okta as an identity provider

Complete this procedure to add Okta as an identity provider in ETP.
Note: This setup might fail without parameter values that are customized for your organization. Use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

How to

  1. In the navigation menu, select Identity > Identity Providers.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
  2. Click the plus sign icon
  3. Configure basic identity provider settings:
    1. In the Name and Description fields, enter a name and description of the IdP.
    2. In the Provider Type menu, select Okta.
    3. Click Continue.
  4. Complete the identity provider general settings:
    1. Go to the General settings section or click the General tab.
    2. For Identity Intercept, select Use Akamai domain.
    3. Enter an external hostname that you want to use for the URL of the login portal.
    4. In the Akamai Cloud Zone, select a cloud zone that is closest to the user base.
  5. In the Session section, use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
  6. In the authentication configuration area:
    1. Go to the Authentication section or click the Authentication tab.
    2. In the URL, enter the Okta subdomain.
    3. In the Logout URL, copy and paste this URL into this field. To get this information, you need to sign in to the Okta Admin Dashboard to generate this variable.
    4. If Okta requires a signed SAML request, select Sign SAML request to send the signed SAML assertion to Okta.
    5. If Okta sends encrypted SAML responses to ETP, select this Encrypted SAML response checkbox to use certificates to encrypt responses. In the Certificate for IDP to encrypt responses field, use the provided certificate that’s required to encrypt responses.
    6. Upload the metadata.xml file that you downloaded from Okta. Click Choose File and then select the file.
  7. In the Advanced Settings, select Enable Authorization.
  8. Click Save.

Next steps

  1. Download and deploy an identity connector. For more information, see Create and download an identity connector
  2. Add the directory to ETP. As part of this process, make sure you assign the identity connector you created to the directory. For more information, see Add a directory.
  3. Assign AD to the Okta identity provider