Skip to main content

Okta and Nebula single sign-on configuration

Updated: 

The following instructions assist the Identity Provider administrator with the setup of single sign-on (SSO) for Nebula with Okta. Nebula only supports SAML 2.0 authentication protocol. 

Get started

  • The email address used for the Nebula account must match the email address used for Okta.
  • Log in to Nebula and go to Configure Single Sign-on.
  • Log in to your Okta Administrator portal and go to the Admin > Applications page.

Add the application in Okta - General Settings

  1. From the Applications page in Okta, click Add App > Create New App.image2019-3-6_14-43-48.png
  2. In the Create a New Application Integration dialog that opens, (A) select Web from the Platform dropdown menu > (B) check SAML 2.0 > (C) click Create.image2019-3-6_14-44-11.png
  3. On the following screen, (A) name the app in the App name field (for example, Nebula) > (B) click Next.
    image2019-3-6_14-44-34.png

Setup Okta SAML Settings

  1. In the Nebula Single Sign-On page, copy the Assertion Consumer Service URL.
  2. Paste the copied url into the Single sign on URL field in Okta.image2019-3-6_14-45-20.png
  3. On the Nebula Single Sign-On page, copy the Service Provider Entity ID.
  4. Paste the copied url into the Audience URI (SP Entity ID) field in Okta.image2019-3-6_14-45-59.png
  5. Leave Default RelayState field blank.
  6. Set Name ID format field to Unspecified.
  7. Set Application username field to Email.
    image2019-3-6_14-46-26.png
  8. (A) Type email in the Name field > (B) set Name format to URI Reference > (C) type user.email in the Value field, in lowercase, exactly as displayed below.
    image2019-3-6_14-46-44.png
  9. Click Next.

Upload Okta SSO XML file into Nebula

  1. Right-click Identity Provider metadata and select Save link as... to download the metadata.xml file in Okta.
    image2019-3-6_14-47-9.png
  2. Name the file > click Save.
  3. In the Nebula Single Sign-On page, have a Nebula Super admin drag the .xml file or Choose a Different File to upload the Identity Provider (iDP) Metadata.

Enable SSO

  1. Once the metadata is uploaded, toggle on Enable SSO.
    • Toggle on Just-In-Time (JIT) Provisioning to automatically create Nebula users if they don't already exist when authenticating through Okta.
    • Toggle on Service Provider Initiated SSO if you will be accessing Nebula through a tile or button in Okta.
  2. Now the application can be assigned to your Nebula administrators in Okta.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more