Identity Provider: Okta
1. A user with one of the following Okta roles, which allow creating applications and assigning people to them:
- Super Administrator
- Application Administrator
- A custom admin role with similar permissions
Learn more about Okta administrator roles.
2. A user who has completed registration at https://www.enterprisedb.com/accounts/register/biganimal and can log in to the BigAnimal portal (switch to the correct organization if applicable).
3. A verified domain. This may require the customer's IT team to add a TXT record. For detailed steps, see the doc: Add a domain.
Set up BigAnimal with Okta
- Log in to the BigAnimal portal with your EDB Account, click Profile (upper-right corner), and go to 'Settings' -> 'Identity Provider'.
- In a separate browser tab or window, log in to the Okta Admin Console.
- From the left navigation pane, select Applications. On the Applications page:
  - Select Create App Integration.
  - Select SAML 2.0 as the sign-in method.
  - Enter a name for your application.
  - Select Do not display application icon to users and Do not display application icon in the Okta Mobile app.
- Go to the Configure SAML step.
a. Copy and paste the following information from the Set Up Identity Provider page in BigAnimal to Okta:
| Copy from BigAnimal | Paste in Okta |
|---|---|
| Audience URI | Audience URI (SP Entity ID) |
| Assertion Consumer Service URL | Single sign-on URL |
b. In the Attribute Statements section, enter the configuration. We recommend the following:
| Name | Value | Notes |
|---|---|---|
| <assertion_path>/name | user.name | The name field defaults to the user's email. Alternatively, you can set the value as the following Okta expression to combine the first and last names: user.firstName + " " + user.lastName |
| <assertion_path>/emailaddress | user.email | |
| <assertion_path>/nameidentifier | user.userId | Optional |
| <assertion_path>/surname | user.lastName | |
| <assertion_path>/givenname | user.firstName | |

Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.
c. On the Assignments tab on the Applications page, select Assign to assign people or groups to the newly created application. If you need to sign in to BigAnimal, be sure to assign yourself.
d. On the Sign On tab, select View SAML setup instructions to open a tab with instructions for your application.
i. Select Download certificate in step 3 of the instructions.
ii. Copy the Identity Provider Single Sign-on URL from step 1 of the SAML setup instructions.
e. In BigAnimal, on the Setup Config tab on the Set Up Identity Provider page:
i. Paste the Identity Provider Single Sign-on URL you copied from Okta into the Single Sign-On URL field.
ii. For Identity Provider Signature Certificate, upload the certificate downloaded from Okta.
iii. Select the appropriate method for Request Binding. Okta supports HTTP-POST, HTTP-Redirect, and Hybrid.
iv. Select the appropriate value for Response Signature Algorithm. Okta AD supports rsa-sha256 and rsa-sha1.
v. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.
- After the IdP is set up, the way you log in changes. In the login box, enter your email address as the BigAnimal Account to log in to the portal instead of clicking EDB Account.
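
When Test Connection fails, the usual cause is a mismatch between what Okta sends and what was entered in steps a, b and e. The following check is an added example (not EDB or Okta code) that inspects a decoded SAML response for those mismatches; the `sp.example` URLs and the sample response are constructed placeholders, and the signature itself is not verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"  # <assertion_path>
REQUIRED = ("name", "emailaddress", "surname", "givenname")  # nameidentifier is optional
ALGS = {"rsa-sha256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "rsa-sha1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"}

def check_response(xml_text, audience_uri, acs_url, expected_alg="rsa-sha256"):
    """List configuration mismatches in a decoded SAML response.
    Structural checks only: the XML signature itself is NOT verified here."""
    root = ET.fromstring(xml_text)  # for untrusted input use a hardened XML parser
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the Assertion Consumer Service URL")
    if audience_uri not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("Audience URI (SP Entity ID) not in the assertion")
    sent = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    for claim in REQUIRED:
        if f"{CLAIMS}/{claim}" not in sent:
            problems.append(f"missing attribute: {CLAIMS}/{claim}")
    # Must match the Response Signature Algorithm selected in BigAnimal.
    used = {m.get("Algorithm") for m in root.findall(".//ds:SignatureMethod", NS)}
    if used != {ALGS[expected_alg]}:
        problems.append(f"no signature, or signature is not {expected_alg}")
    return problems

def sample_response(claims, alg="rsa-sha256"):
    """Build a constructed response (placeholder URLs, no real signature value)."""
    xmlns = " ".join(f'xmlns:{k}="{v}"' for k, v in NS.items())
    attrs = "".join(f'<saml:Attribute Name="{CLAIMS}/{c}"/>' for c in claims)
    return (f'<samlp:Response {xmlns} Destination="https://sp.example/acs">'
            f'<saml:Assertion><ds:Signature><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{ALGS[alg]}"/>'
            f'</ds:SignedInfo></ds:Signature><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>https://sp.example/entity</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    bad = sample_response(["name", "emailaddress"], alg="rsa-sha1")
    for p in check_response(bad, "https://sp.example/entity", "https://sp.example/acs"):
        print("MISMATCH:", p)
```

To use it on a real response, base64-decode the SAMLResponse form field captured during a test login and pass the values shown on the Set Up Identity Provider page as `audience_uri` and `acs_url`.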