Okta
  • 18 Oct 2020

This article describes how to set Okta as your identity provider.

  • Configuring your Okta account
  • Configuring Perimeter 81
  • Access Error troubleshooting

Please follow the steps below:

Note: To successfully integrate Okta and Perimeter 81 you must have admin access in both platforms.

Configuring your Okta account

  1. Log in to your Okta account.
  2. On the general Okta dashboard, select Dashboard. This takes you to the Okta Admin Dashboard.
  3. Using the list of shortcuts at the right-hand side of the screen, select Add Applications.
  4. On the Add Application page, select Create New App.
  5. On the Create a New Application Integration pop-up window, select Web as the Platform for your application and choose SAML 2.0 as the sign-on method. Select Create to proceed.
  6. You will now create your SAML integration. On the General Settings page, provide the following:
       • App name: Perimeter 81
       • App Logo: (Optional)
       • App visibility: select whether you want your users to see your application icon and in what settings.
  7. Select Next to proceed.
  8. Next, you will see the SAML Settings page. Enter the following values into the appropriate fields:
       • Single sign-on URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
         For example: https://auth.perimeter81.com/login/callback?connection=myworkspacename-oc
       • Audience URI (SP Entity ID): urn:auth0:perimeter81:{{WORKSPACE}}-oc
         For example, the myworkspacename.perimeter81.com workspace should translate to urn:auth0:perimeter81:myworkspacename-oc
  9. You will also need to add the following Attribute Statements:

       • Name: email
         Name format (optional): Unspecified
         Value: ${user.email}

       • Name: given_name
         Name format (optional): Unspecified
         Value: ${user.firstName}

       • Name: family_name
         Name format (optional): Unspecified
         Value: ${user.lastName}

     Now add the Group Attribute Statement:

       • Name: groups
         Name format (optional): Unspecified
         Filter type: Matches regex
         Value: .* (this regex matches every group name, so all of the user's Okta groups are included in the assertion)

  10. You can select Preview the SAML assertion to generate an XML file that can be used to verify that your provided settings are correct.
  11. Select Next to proceed.
  12. Finally, answer Are you a customer or partner? by selecting I'm an Okta customer adding an internal app.
      Select Finish (filling in the questions on this page is not mandatory).
      You'll be directed to the Sign-On page for your newly-created app.
  13. Select Assignment then Assign to create either groups or individual assignments from your Identity Provider to the application (this will determine who can access Perimeter 81).
  14. Select Sign-On and then View Setup Instructions to complete the process.
  15. Take note of the Identity Provider Single Sign-On URL, and make a copy of the X.509 certificate.
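
The preview check from step 10 can be scripted. The following is an added example, not part of the original article or of Okta's or Perimeter 81's tooling: it compares a previewed assertion's Audience, Recipient and attribute names with the values from the SAML Settings and Attribute Statements steps. The sample assertion is constructed, the name check_preview is hypothetical, and it assumes the preview uses the standard SAML 2.0 assertion elements.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "given_name", "family_name", "groups")

# Constructed sample shaped like a SAML 2.0 assertion; not real Okta output.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml2:Subject><saml2:SubjectConfirmation><saml2:SubjectConfirmationData
   Recipient="https://auth.perimeter81.com/login/callback?connection=myworkspacename-oc"/>
 </saml2:SubjectConfirmation></saml2:Subject>
 <saml2:Conditions><saml2:AudienceRestriction>
   <saml2:Audience>urn:auth0:perimeter81:myworkspacename-oc</saml2:Audience>
 </saml2:AudienceRestriction></saml2:Conditions>
 <saml2:AttributeStatement>
   <saml2:Attribute Name="email"><saml2:AttributeValue>user@example.com</saml2:AttributeValue></saml2:Attribute>
   <saml2:Attribute Name="given_name"><saml2:AttributeValue>Ada</saml2:AttributeValue></saml2:Attribute>
   <saml2:Attribute Name="family_name"><saml2:AttributeValue>Lovelace</saml2:AttributeValue></saml2:Attribute>
   <saml2:Attribute Name="groups"><saml2:AttributeValue>Everyone</saml2:AttributeValue></saml2:Attribute>
 </saml2:AttributeStatement>
</saml2:Assertion>"""


def check_preview(assertion_xml, workspace):
    """Return a list of mismatches between a preview and the documented settings."""
    # Configuration check for a preview you exported yourself; no signature is verified.
    root = ET.fromstring(assertion_xml)
    want_recipient = f"https://auth.perimeter81.com/login/callback?connection={workspace}-oc"
    want_audience = f"urn:auth0:perimeter81:{workspace}-oc"
    problems = []

    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audiences != [want_audience]:
        problems.append(f"Audience is {audiences}, expected {want_audience}")

    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipients != [want_recipient]:
        problems.append(f"Recipient is {recipients}, expected {want_recipient}")

    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"attribute '{name}' is missing or empty")
    return problems

if __name__ == "__main__":
    print(check_preview(SAMPLE, "myworkspacename") or "preview matches the documented settings")
```

An empty list means the preview agrees with the documented values; a mistyped workspace name shows up as both an Audience and a Recipient mismatch.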

Configuring Perimeter 81

You need to configure the integration from the Perimeter 81 side.

  1. Log in to your Perimeter 81 Management Platform, and navigate to Settings and then Identity Providers.
  2. Select + Add Provider.
  3. Select SAML 2.0 Identity Providers.
  4. Fill in the Sign In URL and Signing Certificate.
  5. Add your organization domain.
  6. Paste the certificate from Okta (begin and end lines included).
  7. Select Done.

Access Error troubleshooting

If your users are getting an access error after the configuration, please check these steps.