Skip to main content

Steps to Configure Okta as your identity provider

shaunice powell
  • Updated

Prerequisites

To connect BigAnimal to Okta, you must have either:

  • One of the following roles in Okta:

    • Super Administrator
    • Application Administrator

  • A custom admin role with similar permissions.

    Learn more about Okta administrator roles.

Unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact cloudcare@enterprisedb.com if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. If you have issues with the code or identity provider setup, contact Support.

 

Set up BigAnimal with Okta

  1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com.

  2. In a separate browser tab or window, log into the Okta Admin Console.

  3. From the left navigation pane, select Applications. On the Applications page:

    1. Select Create App Integration.

    2. Select SAML 2.0 as the sign-in method.

    3. Enter a name for your application.

    4. Select Do not display application icon to users and Do not display application icon in the Okta Mobile app.

  4. Go to the Configure SAML step.

    a. Copy and paste the following information from the Set Up Identity Provider page in BigAnimal to Okta:

    Copy from BigAnimal Paste in Okta
    Audience URI Audience URI (SP Entity ID)
    Assertion Consumer Service URL Single sign-on URL

    b. In the Attribute Statements section, enter the configuration. We recommend the following:

    Name Value Notes
    <assertion_path>/name user.name The name field defaults to the user’s email. Alternatively, you can set the value as the following Okta expression to combine the first and last names: user.firstName + " " + user.lastName
    <assertion_path>/emailaddress user.email  
    <assertion_path>/nameidentifier user.userId Optional
    <assertion_path>/surname user.lastName  
    <assertion_path>/givenname user.firstName  

    Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

    c. On the Assignments tab on the Applications page, select Assign to assign people or groups to the newly created application. If you need to sign into BigAnimal, be sure to assign yourself.

    d. On the Sign On tab, select View SAML setup instructions to open a tab with instructions for your application.

i. Select Download certificate in step 3 of the instructions.

ii. Copy from the Identity Provider Single Sign-on URL from step 1 of the SAML setup instructions.

 e. In BigAnimal, on the Setup Config tab on the Set Up Identity Provider page:

i. Paste the Identity Provider Single Sign-on URL you copied from Okta into the Single Sign-On URL field.

ii. For Identity Provider Signature Certificate, upload the certificate downloaded from Okta.

iii. Select the appropriate method for Request Binding. Okta supports HTTP-POST, HTTP-Redirect, and Hybrid.

iv. Select the appropriate value for Response Signature Algorithm. Okta AD supports rsa-sha256 and rsa-sha1.

v. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.