Configure Federated Authentication from Okta¶

Add a new application to your Okta account¶

1. In the Okta top navigation, click the Applications tab.
2. Click the Add Application button.
3. Click the Create New App button.
4. Select Web for the Platform field.
5. Select SAML 2.0 for the Sign on method field.
6. Click the Create button.

Create Okta SAML integration¶

1. Fill in the App name text field with your desired application name.
2. Optionally, add a logo image and set app visibility.
3. Click the Next button.

Download Okta certificate¶

1. Click the Download Okta Certificate button.
2. Rename the downloaded file to have a .cer extension instead of .cert.

Navigate to the Federation Management Console¶

1. Log in to Atlas.
2. Use the dropdown at the top-left of Atlas to select the organization for which you want to manage federation settings.
3. Click Settings in the left navigation pane.
4. In Manage Federation Settings, click Visit Federation Management App.

Create a new Identity Provider¶

1. In the FMC dashboard, click the Manage Identity Providers button.
2. Click the Setup Identity Provider button.

Enter SAML settings¶

1. In the FMC dashboard, fill in the data fields with the following values:

   Field	Value
   Configuration Name	A descriptive name of your choosing.
   Issuer URI and Single Sign-On URL	Click the Fill With Placeholder Values button to the right of the text fields. You will get the real values from Okta in a later step.
   Identity Provider Signature Certificate	Click the Choose File button to upload the .cer file you received from Okta earlier.
   Request Binding	HTTP POST
   Response Signature Algorithm	SHA-256

2. Click the Next button.

Create SAML Integration¶

1. In this step, copy values from the Atlas FMC to the Okta Create SAML Integration page.

   Okta Data Field	Value
   Single sign on URL	Use the Assertion Consumer Service URL from the Atlas FMC. Checkboxes: Check Use this for Recipient URL and Destination URL. Clear Allow this app to request other SSO URLs.
   Audience URI (SP Entity ID)	Use the Audience URI from the Atlas FMC.
   Default RelayState	Leave blank.
   Name ID format	Unspecified
   Application username	Email
   Update application username on	Create and update

2. Click the Click Show Advanced Settings link in the Okta configuration page and ensure that the following values are set:

   Okta Data Field	Value
   Response	Signed
   Assertion Signature	Signed
   Signature Algorithm	RSA-SHA256
   Digest Algorithm	SHA256
   Assertion Encryption	Unencrypted

3. Leave the remaining Advanced Settings fields in their default state.

4. Scroll down to the Attribute Statements (optional) section and create four attributes with the following values:

   Name	Name Format	Value
   email	Unspecified	user.email
   firstName	Unspecified	user.firstName
   lastName	Unspecified	user.lastName

   Important

   The values in the Name column are case-sensitive. Enter them exactly as shown.

   Note

   These values may be different if Okta is connected to an Active Directory. For the appropriate values, use the Active Directory fields that contain a user's first name, last name, and full email address.

5. (Optional) If you plan to use role mapping, scroll down to the Group Attribute Statements (optional) section and create an attribute with the following values:

   Name	Name Format	Filter	Value
   memberOf	Unspecified	Matches regex	.*

   This filter matches all group names associated with the user. To filter the group names sent to Atlas further, adjust the Filter and Value fields.

6. Click the Next button in the Okta configuration.
7. Select the radio button marked I'm an Okta customer adding an internal app.
8. Click the Finish button.

Copy information back to the Atlas FMC¶

1. On the Okta application page, click View Setup Instructions in the middle of the page.

   Note

   The Okta setup instructions appear in a new browser tab.

2. In the Atlas FMC, click the Finish button to return to the Identity Providers page. Click the Modify button for your newly created IdP.

3. Fill in the following text fields:

   FMC Data Field	Value
   Issuer URI	Use the Identity Provider Issuer value from the Okta Setup Instructions page.
   Single Sign-on URL	Use the Identity Provider Single Sign-On URL value from the Okta Setup Instructions page.

4. Close the Okta setup instructions browser tab.
5. Click the Next button on the Atlas FMC page.
6. Click the Finish button the FMC Edit Identity Provider page.

Assign users to your Okta application¶

1. On the Okta application page, click the Assignments tab.
2. Ensure that all your Atlas organization users who will use the Okta service are enrolled.

Open the Federation Management Console.¶

1. Log in to Atlas.
2. Use the dropdown at the top-left of Atlas to select the organization for which you want to manage federation settings.
3. Click Settings in the left navigation pane.
4. In Manage Federation Settings, click Visit Federation Management App.

Connect an organization to the Federation Application.¶

1. Click View Organizations.

   Atlas displays all organizations where you are an Organization Owner.

   Organizations which are not already connected to the Federation Application have Connect button in the Actions column.

2. Click the desired organization's Connect button.

Apply an Identity Provider to the organization.¶

From the Organizations screen in the management console:

1. Click the Name of the organization you want to map to an IdP.

2. On the Identity Provider screen, click Apply Identity Provider.

   Atlas directs you to the Identity Providers screen which shows all IdPs you have linked to Atlas.

3. For the IdP you want to apply to the organization, click Add Organizations.
4. In the Apply Identity Provider to Organizations modal, select the organizations to which this IdP applies.
5. Click Confirm.

Connect an organization to the Federation Application.¶

1. Click Organizations in the left navigation.
2. In the list of Organizations, ensure that your desired organization(s) now have the expected Identity Provider.