The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for OneView with Okta. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with OneView.
Add the application in Okta - General Settings
- From the Applications page in Okta, click Add App > Create New App.
- In the Create a New Application Integration dialog that opens, select Web from the Platform dropdown menu.
- Check SAML 2.0 and click Create.
- Name the app in the App name field and click Next.
Set up Okta SAML Settings
- On the OneView Single Sign-On page, copy the Assertion Consumer Service URL.
- Paste the copied URL into the Single sign on URL field in Okta.
- On the OneView Single Sign-On page, copy the Service Provider Entity ID.
- Paste the copied URL into the Audience URI (SP Entity ID) field in Okta.
- Leave Default RelayState field blank.
- Set Name ID format field to Unspecified.
- Set Application username field to Email.
- Type email in the Name field.
- Set Name format to URI Reference.
- Type user.email in the Value field.
- Click Next.
Link Okta metadata with OneView
Use one of the following methods to connect the metadata with OneView:
Metadata URL
- Copy the OneLogin App Federation Metadata URL.
- On the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Metadata XML
- Download the Okta Federation Metadata XML file.
- On the OneView Single Sign-On page, choose Metadata XML.
- Drag the .xml file or click Or Select A File to upload the IDP Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Enable SSO
- Once the metadata is uploaded, toggle on Enable SSO.
- Toggle on Just-In-Time (JIT) Provisioning to automatically create OneView users if they don't already exist when authenticating through Okta.
- Toggle on Service Provider Initiated SSO if you will be accessing OneView through a tile or button in Okta.
- Now the application can be assigned to your OneView administrators in Okta.