Okta Setup for SAML-SSO
Okta is a third-party identity provider, offering single sign-on (SSO) authentication and identity validation services for a large number of Software-as-a-Service providers. PrivaceraCloud works with Okta's SAML (Security Assertion Markup Language) interface to provide an SSO/Okta login authentication to the PrivaceraCloud portal. For more information, see SAML - Activate SSO.
Integration with Okta begins with configuration steps in the Okta administrator console. These steps also generate a PrivaceraCloud account-specific identity_provider_metadata.xml file and an Identity Provider URL that are used in the PrivaceraCloud Okta/SSO configuration steps.
Note
To use Okta SSO with PrivaceraCloud, you must have already established an Okta SSO service account. The following procedures require Okta SSO administrative login credentials.
Generate an Okta Identity Provider Metadata File and URL
Log in to your Okta account as the Okta SSO account administrator.
Select Applications from the left navigation panel, then click the Applications subcategory.
From the Applications page, click Create App Integration.
Note
In addition to creating new applications, you can also edit existing apps with new configuration values.
Select SAML 2.0, then click Next.
In General Settings, provide a short descriptive app name in the App name text box. For example, enter Privacera Portal SAML for SAML-SSO, or SaaS SAML RelayState for an IdP-initiated SSO with RelayState.
Click Next.
In the SAML Settings configuration page, enter the values as shown in the following table:
| Field | Value |
|---|---|
| Single sign on URL | https://yourhostname.com/SingleSignOnService/receiveResponse |
| Audience URI (SP Entity ID) | privacera_portal |
| Default RelayState | If you choose to use this feature, it will be your 14-digit PrivaceraCloud Account ID number |
| Name ID format | Unspecified |
| Application username | Okta username |
| UserID | user.login |
| Email | user.email |
| Firstname | user.firstName |
| LastName | user.LastName |
The Default RelayState value identifies a specific application resource in an IdP-initiated SSO scenario. In most cases, this field will be left blank.
Click Next.
Select the Feedback tab and click I'm an Okta customer adding an internal app.
Click Finish.
From the General tab, scroll down to the App Embed Link section. Copy the Embed Link (Identity Provider URL) for PrivaceraCloud.
IdP provider metadata
In this topic, you will learn how to generate and save IdP provider metadata in XML format.
Go to the Sign On tab > Settings, then select the Identity Provider Metadata link located at the bottom of the Sign on methods area. The configuration file will open in a separate window.
In the SAML Signing Certificates section, click the Generate new certificate button.
In the list, click the Actions dropdown and select View IdP metadata.
The XML file will be opened in a new tab.
Note
Make sure that the certificate you are downloading has an active status.
Save the file in XML format.
IDP initiated SSO
From Applications, log in to the Okta Home Page Dashboard as a user by selecting the Okta Dashboard icon.
Log in to PrivaceraCloud by selecting the newly added app icon.