Skip to content

Okta Setup for SAML-SSO

Okta is a third-party identity provider, offering single sign-on (SSO) authentication and identity validation services for a large number of Software-as-a-Service providers. PrivaceraCloud works with Okta's SAML (Security Assertion Markup Language) interface to provide an SSO / Okta login authentication to the PrivaceraCloud portal. See Activate SSO - Connect via SAML to an Identity Provider.

Integration with Okta begins with configuration steps in the Okta administrator console. These steps also generate a PrivaceraCloud account-specific identity_provider_metadata.xml file and an Identity Provider URL that are used in the PrivaceraCloud Okta/SSO configuration steps.

Note

To use Okta SSO with PrivaceraCloud, you must have already established an Okta SSO service account, as the following steps require Okta SSO administrative login credentials.

Generate an Okta Identity Provider Metadata File and URL#

  1. Log in to your Okta account as the Okta SSO account administrator.

  2. Select Applications from the left navigation panel, then click Applications subcategory.

    1. From the Applications page, click Create App Integration.

      Note

      In additon to creating new applications you can also edit existing apps with new configuration values.

    2. Select SAML 2.0, then click Next.

    3. In General Settings, provide a short descriptive app name in the App name text box. For example, enter Privacera Portal SAML for SAML-SSO. Or, SaaS SAML RelayState for an IDP initiated SSO with RelayState.

    4. Cick Next.

    5. On the SAML Settings configuration page, enter the values as shown in the following table:

      Field Value
      Single sign on URL https://yourhostname.com/SingleSignOnService/receiveResponse
      Audience URI (SP Entity ID) privacera_portal
      Default RelayState If you choose to enlist this feature it will be your 14-digit PrivaceraCloud Account ID number
      Name ID format Unspecified
      Application username Okta username
      UserID user.login
      Email user.email
      Firstname user.firstName
      LastName user.LastName

      Note

      The Default RelayState value identifies a specific application resource in an IDP initiated SSO scenario. In most cases this field will be left blank.

    6. Click Next.

    7. Select the Feedback tab and click I'm an Okta customer adding an internal app.

    8. Click Finish.

  1. From Sign On > Settings, select the Identity Provider Metadata link located at the bottom of the Sign on methods area. The configuration file will open in a seperate window.

  2. Save the file in XML format.

  3. From the General tab, scroll down to the App Embed Link section. Copy the Identity Provider Url (Embed Link) PrivaceraCloud.

  4. From Applications, login to the Okta Home Page Dashboard as a user by selecting the MY end user dashboard link.

IDP initiated SSO#

  1. From Applications, login to the Okta Home Page Dashboard as a user by selecting the Okta Dashboard icon.

  2. Login to PrivaceraCloud by selecting the newly added app icon.


Last update: August 19, 2021