Complete this procedure to add Okta as an identity provider in ETP.

Note: This setup might fail without parameter values that are customized for your organization. Use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.
How to
- In the navigation menu, select .
  Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- Click the plus sign icon
- Configure basic identity provider settings:
  - In the Name and Description fields, enter a name and description of the IdP.
  - In the Provider Type menu, select Okta.
  - Click Continue.
- Complete the identity provider general settings:
  - Go to the General settings section or click the General tab.
  - For Identity Intercept, select Use Akamai domain.
  - Enter an external hostname that you want to use for the URL of the login portal.
  - In the Akamai Cloud Zone, select a cloud zone that is closest to the user base.
  - In the Session section, use the default settings for the Session Idle Expiry, Limit Session Life, and Max Session Duration fields.
- In the authentication configuration area:
  - Go to the Authentication section or click the Authentication tab.
  - In the URL, enter the Okta subdomain.
  - In the Logout URL, copy and paste this URL into this field. To get this information, you need to sign in to the Okta Admin Dashboard to generate this variable.
  - If Okta requires a signed SAML request, select Sign SAML request to send the signed SAML assertion to Okta.
  - If Okta sends encrypted SAML responses to ETP, select the Encrypted SAML response checkbox to use certificates to encrypt responses. In the Certificate for IDP to encrypt responses field, use the provided certificate that's required to encrypt responses.
  - Upload the metadata.xml file that you downloaded from Okta. Click Choose File and then select the file.
- In the Advanced Settings, select Enable Authorization.
- Click Save.
Next steps
- Download and deploy an identity connector. For more information, see Create and download an identity connector.
- Add the directory to ETP. As part of this process, make sure you assign the identity connector you created to the directory. For more information, see Add a directory.
- Assign AD to the Okta identity provider.