Okta SAML integration guide (Org2Org) (2024)

This guide shows how to configure Okta as a SAML single sign-on identity provider (IdP) for your Redis Cloud account.

This guide shows how to use the Org2Org application template. You can also use the Generic application template.

To learn more about Redis Cloud support for SAML, see SAML single sign-on.

Step 1: Set up your identity provider

Create the Okta SAML integration application

Create an Okta "Org2Org" SAML integration application.

  1. Sign in to the Okta admin console.

  2. From the left menu, select Applications.

  3. Select Browse App Catalog.

  4. Locate and select Okta Org2Org.

  5. Once you have found the application, click "Add".

  6. Enter this field in the Org2Org application's General Settings section and select Next:

    • Application label: Redis Cloud
  7. Enter the following fields in the Sign-On Options > Attributes section:

    • Name: redisAccountMapping
    • Name Format: Basic
    • Value: appuser.redisAccountMapping
  8. Next, select View Setup Instructions. A new browser window opens, providing the information needed to configure the IdP in Redis Cloud.

  9. Scroll down to section 6 in the page, and note the following information:

    • IdP Issuer URI
    • IdP Single Sign-On URL
    • IdP Signature Certificate: Click the link and download the certificate to your hard drive

    Once you capture the information, close the window, return to the Okta admin console, and select Done.

Modify the application user profile

  1. In the left menu, select Directory > Profile Editor, then select Redis Cloud User.

  2. Select Add Attribute to add a custom attribute to the user profile and specify the Redis Cloud role.

  3. Add this information for the new custom attribute:

    • Data type: string array
    • Display name: redisAccountMapping
    • Variable name: redisAccountMapping
    • Description: redisAccountMapping
    • Attribute required: Yes
    • Group priority: Combine values across groups
  4. Once you add the attribute, it appears in the list of profile attributes.

  5. Add a Redis Cloud icon to the application so that users can identify it more easily: select the pencil icon on the application logo and upload a Redis image.

Step 2: Create a group and assign the application

Now that our SAML IdP is configured, create an Okta group and assign the Redis Cloud application.

Create the group

  1. In the left menu, select Directory > Groups, then select Add group.

  2. Enter Name and Description.

Assign users to the group

  1. Select the group, then select Assign people.

  2. For each user you want to add to the group, highlight the user in the table and select +. You can also add all users by selecting Add all. After you add all the users to your group, select Save.

Assign application to the group

Now that your group is populated with its users, assign the SAML integration application to your group.

  1. From the menu, select Applications > Applications > Redis Cloud. Then, select Assign to groups.

  2. In the Redis Cloud User Group, select Assign.

  3. Now, define the default Redis account mapping string for this group and select Save and go back. The key-value pair consists of the lowercase role name (owner, member, manager, billing_admin, or viewer) and your Redis Cloud account ID, which you can find in the account settings. Select "Done".

    The mapping field is now defined as a default for each member of the group.

Editing the mapping field for the group

To modify the Redis mapping field, select the pencil icon of the Redis Cloud group in the "Redis Cloud" application screen.

You can modify the mapping field for the whole group on the edit screen that appears.

Editing the mapping field for a specific user

To override the Redis mapping field at an individual user level, select the People menu, then select the pencil icon of the person whose field you want to modify.

Set the user's Assignment master to Administrator to enable group policy overrides. Select Save.

The user's Type is set to Individual.

On the screen that appears, select the pencil icon of the user to modify the Redis mapping field.

Step 3: Configure SAML support in Redis Cloud

Now that you have a test IdP server and your user group ready, configure support for SAML in Redis Cloud.

Sign in to Redis Cloud

Sign in to your account on the Redis Cloud console.

Activate SAML in access management

To activate SAML, you must have a local user (or social sign-on user) with the owner role. If you have the correct permissions, the Single Sign-On tab is enabled.

  1. Add the information you saved previously in the setup form (step 1), including:

    • Issuer (IdP Entity ID): Required
    • IdP server URL: Required
    • Assertion signing certificate: Drag and drop the file you downloaded to disk in the form text area.
  2. Select Enable and wait a few seconds for the status to change. Then, download the service provider (SP) metadata. Save the file to your local hard disk.

  3. Open the file in any text editor. Save the following text from the metadata:

    • EntityID: Unique name of the service provider (SP)
    • Location: Location of the assertion consumer service
  4. Return to Okta, select Applications > Redis Cloud > General, then select Edit.

  5. Update this information in Advanced Sign-on Settings.

    • Hub ACS URL: Use the information that you copied for Location.
    • Audience URI: Use the information that you copied for EntityID.

Select Save.

IdP-initiated SSO

To use IdP-initiated SSO with identity providers, set the RelayState parameter to the URL https://app.redislabs.com/#/login/?idpId=<ID>.

Note: Replace <ID> so that it matches the AssertionConsumerService Location URL ID (the content after the last forward slash "/"). To learn more about configuring service provider applications, see your identity provider's documentation.
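The two places above where values are copied by hand (steps 3 to 5 of "Activate SAML in access management", which take EntityID and the assertion consumer service Location from the downloaded SP metadata, and the IdP-initiated SSO note, which takes the <ID> from the end of that Location) are easy to get subtly wrong, for example by pasting a Location with a trailing slash or picking a non-default ACS endpoint. The following script is an added example, not part of the original guide or of Redis or Okta tooling: it parses SP metadata in the standard SAML 2.0 metadata shape, selects the default HTTP-POST AssertionConsumerService, derives the idpId from the last path segment, and prints the three values to paste into Okta. The sample metadata, the hostname sp.example.invalid and the ID EXAMPLE-ID are constructed placeholders; run it against the real file you downloaded from the Redis Cloud console.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample SP metadata (placeholder entityID, ACS Location and ID,
# not values from a real Redis Cloud account).
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.invalid/saml/metadata/EXAMPLE-ID">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
                      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://sp.example.invalid/saml/acs/EXAMPLE-ID"
                                 index="1" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
ENTITY_DESCRIPTOR = "{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def parse_sp_metadata(xml_text):
    """Return (entity_id, acs_location) from SAML 2.0 SP metadata.

    Chooses the HTTP-POST AssertionConsumerService, preferring isDefault="true",
    and refuses non-https locations so a bad paste into Okta is caught early.
    """
    root = ET.fromstring(xml_text)
    if root.tag != ENTITY_DESCRIPTOR:
        raise ValueError("not a SAML EntityDescriptor document")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    acs_elems = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    post_acs = [e for e in acs_elems if e.get("Binding") == HTTP_POST]
    if not post_acs:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    default = [e for e in post_acs if e.get("isDefault", "false").lower() == "true"]
    chosen = (default or post_acs)[0]
    location = chosen.get("Location")
    if not location or not location.startswith("https://"):
        raise ValueError("ACS Location missing or not https")
    return entity_id, location


def idp_id_from_acs(acs_location):
    """The <ID> the guide refers to: the path segment after the last '/'."""
    path = urlsplit(acs_location).path.rstrip("/")
    idp_id = path.rsplit("/", 1)[-1]
    if not idp_id:
        raise ValueError("ACS Location has no trailing ID segment")
    return idp_id


def relay_state_url(acs_location):
    """RelayState value for IdP-initiated SSO, built as the guide describes."""
    return f"https://app.redislabs.com/#/login/?idpId={idp_id_from_acs(acs_location)}"


def okta_advanced_signon_settings(xml_text):
    """The values to paste into Okta: Hub ACS URL, Audience URI and RelayState."""
    entity_id, acs = parse_sp_metadata(xml_text)
    return {
        "Hub ACS URL": acs,
        "Audience URI": entity_id,
        "RelayState": relay_state_url(acs),
    }


if __name__ == "__main__":
    # Usage: python sp_metadata_values.py [path/to/downloaded-sp-metadata.xml]
    # With no path the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            metadata = fh.read()
    else:
        metadata = SAMPLE_SP_METADATA
    for key, value in okta_advanced_signon_settings(metadata).items():
        print(f"{key}: {value}")
```

Because Okta validates the Audience URI against the entityID and posts the assertion to the Hub ACS URL, a mismatch in either value fails the Activate test in step 3 below; pulling both from the same parsed document avoids a transcription mismatch, and the https check rejects a metadata file that was tampered with or mis-served.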

Return to Redis Cloud console

  1. Return to Redis Cloud console and select Activate.

    A popup appears, explaining that, to test the SAML connection, you need to log in with Okta credentials of the user defined in the Redis Cloud group. This user is part of the group to which you assigned the Redis Cloud application.

  2. The Okta log-in screen appears. Enter the credentials and select Sign In.

  3. If the test succeeds, the next screen appears. Your local account is now considered a SAML account. Going forward, to log in to Redis Cloud console, select Sign in with SSO.

  4. Enter your SAML email and select Login.

You have successfully configured SAML as an identity provider.

FAQs

What is Org2Org?

Org2Org is an application on the OIN that guides you through the federation process with another Okta tenant. Org2Org uses SAML for the SSO integration and you can use JIT for provisioning. It also allows other features like integration via the API for provisioning, though this is optional.

How do I integrate a SAML application in Okta?

Create an integration
  1. Select I'm an Okta customer adding an internal app.
  2. Select This is an internal app that we have created. However, if your app requires more SAML configuration instructions to work with Okta, select It's required to contact the vendor to enable SAML. ...
  3. Click Finish.

How do I configure Okta Org2Org?

Configure federation between orgs
  1. In the source org, open the Admin Console and go to Applications > Applications.
  2. Click Browse App Catalog.
  3. In the search field, enter Org2Org, and then select Okta Org2Org.
  4. Click Add Integration.
  5. Complete the fields on the General Settings page, and then click Next.

Is Okta SAML 2.0 compliant?

Okta can integrate with SAML 2.0 applications as an IdP that provides SSO to external applications. Okta also supports MFA prompts to improve your application security.

How do I integrate my application with Okta?

In the Admin Console, go to Applications > Applications. Click Browse App Catalog. Enter the name of the app integration in the Search field, click the application tile, and click Add.

How do I implement SSO using SAML?

Implementation of SAML SSO follows 5 simple steps outlined in detail below.
  1. Step 1: Exchange of metadata information. ...
  2. Step 2: Identity provider configuration. ...
  3. Step 3: Enable SAML in Configuration. ...
  4. Step 4: Test the single sign-on connection. ...
  5. Step 5: Go live.
Jan 29, 2024

How do I create an OIDC app integration with Okta?

Task 1: Launch the Wizard
  1. In the Admin Console, go to Applications > Applications.
  2. Click Create App Integration.
  3. To create an OIDC app integration, select OIDC - OpenID Connect as the Sign-in method.
  4. Choose the type of application to integrate with Okta. ...
  5. Click Next.

How do I enable API integration in Okta?

Under Enable scopes, click + Add Another to specify a scope for your app integration.
  1. Enter the Okta API scope to grant access from your integration. See Scope selection.
  2. Click + Add Another and specify more scopes you want to grant for your integration.

How do I set up Okta Verify on another device?

Start this task
  1. Start on the device where you already have an Okta Verify account. ...
  2. Install Okta Verify on your new Android device.
  3. Open the app, and then tap Add account from another device and follow the instructions.
  4. Set up the account. ...
  5. Confirm that you're pairing the right devices.

Is SAML 2.0 outdated?

SAML 2.0 was introduced in 2005 and remains the current version of the standard. The previous version, 1.1, is now largely deprecated.

Is Okta SAML or OAuth?

Okta acts as the SAML IdP and uses SSO and MFA to authenticate the user. Okta returns an assertion to the client applications through the end user's browser. The client applications validate the returned assertion and allow the user access to the client application.

What is the difference between SAML 2.0 and OpenID?

In SAML, the user is redirected from the Service Provider (SP) to the Identity Provider (IDP) for sign in. In OpenID Connect, the user is redirected from the Relying Party (RP) to the OpenID Provider (OP) for sign in. The SAML SP is always a website.

How do I integrate apps with SSO?

Build your integration
  1. Determine a suitable OAuth 2.0 flow to use based on your app type.
  2. Determine the scopes that you require for your OIDC client (your app).
  3. Consider how your app stores customer client credentials.
  4. Understand how to validate tokens in your OIDC client. ...
  5. Implement credential rotation in your app.

How do I add SAML to my web application?

Identify the application with which you want to use a SAML2 Web Application, and click the Application's name to go to its configuration settings. Go to the Addons tab. In the SAML2 Web App box, click the slider to enable the Addon.

What are the SSO integration options for Okta?

The four main SSO protocols supported by Okta:
  • OpenID Connect (OIDC). See OIDC app integrations.
  • Security Assertion Markup Language (SAML). See SAML app integrations.
  • Secure Web Authentication (SWA). See SWA app integrations.
  • WS-Federation (WS-Fed). See WS-Fed app integrations.

How do I register an application with Okta?

Create a policy for self-registration:
  1. Open the Admin Console for your org.
  2. Go to Security > Profile Enrollment, and click Add Profile Enrollment Policy.
  3. Enter a policy Name, and click Save.
  4. Click the pencil icon next to your new policy.
  5. Ensure that Self-service registration is set to Allowed.
  6. Click Manage apps.

Article information

Author: Lilliana Bartoletti
