SSO - Okta
On This Page:
This document provides instructions on how to configure Okta Single Sign-on (SSO) integration to Volterra for your enterprise account. For an overview of Volterra, see About Volterra.
Note: SSO setup requires you to be of the
tenant ownertype user. Navigate to
Users. Click on the
Show/hide column, select the
Typefield, and click
Applyto display the
Typecolumn. For the tenant owner, the
Tenant Ownerand others, it displays
The following prerequisites apply:
- Note: If you do not have an account, see Create a Volterra Account.
- Okta Account
- A configured identity provider such as Google
Configuring SSO using Okta in VoltConsole includes performing the following actions:
- Configure the OIDC authentication application in Okta
- Enable SSO using Okta in VoltConsole
Configure OIDC Authentication Application in Okta
Configuring OIDC authentication application in Okta includes creating an identity provider type and an application for your SSO in Okta. Also, it requires whitelisting the redirect URI in your identity provider.
This example shows configuring Okta with Google as the identity provider.
Note: Creating OAuth credentials in Google is required for this step. For more information, see SSO-Google guide.
Perform the following actions to configure the OIDC app in Okta:
Step 1: Log into Okta and start new identity provider configuration.
- Log in to the Okta portal with your administrator access. Click
Add Googlein the
Add Identity Providerdrop-down menu.
Step 2: Obtain the OAuth information from the identity provider and add to the Okta identity provider configuration.
- Obtain the OAuth details from the identity provider.
- Add the details in the
GENERAL SETTINGSof the Okta identity provider configuration. This example sets name, client ID, and client secret obtained from Google OAuth settings.
Add Identity Providerand copy the URL in the
Step 3: Add the redirect URI to the white list of the identity provider OAuth client configuration.
This example shows adding redirect URI to the Google client ID configuration:
- Log into your Google credentials app, navigate to client ID configuration, and enter the redirect URI obtained in previous step to the
Authorized redirect URIsfield.
Step 4: Create application for SSO in Okta.
- Click on the
Applicationstab in the Okta top menu and select
Add Applicationand in the applications screen, click
Create New App.
Open Id Connectfor the
Sign on method, and click
- Enter an application name, enter a URL in the
Login redirect URIsfield, and click
Save. The application gets created.
- Navigate to the
Generalsettings tab of created application and scroll down to the
Client Credentialsfield. Note down the values of the
- Obtain the well-known URL for your Okta account. The following is an example well-known URL for Okta where the
vesvolterrausrepresents the subdomain part for a sample account.
Note: The client ID, client secret, and well-known URL fields are required in SSO configuration in VoltConsole.
Step 5: Configure user and group settings in Okta.
Identity Providersand click the
Add Routing Ruleand configure rules for users. Select the identity provider you created in the
Optionally, specify users and groups for which Okta-based SSO needs to be enabled. Perform the following:
Applicationsand click the settings icon for your application. Navigate to the
Assignmentstab of your application settings.
Assign to Peopleand add users for whom Okta SSO needs to be enabled.
Assign to Groupsand select the groups for whom Okta SSO needs to be enabled.
Enable SSO Using Okta in VoltConsole
Step 1: Start SSO setup in the VoltConsole.
- Login to VoltConsole with admin credentials. Click
Generalin the namespace selector and select
Login Optionsin the left configuration menu. Click
Choose Servicescreen and click
Step 2: Configure clients identity.
Create Clients ID screen, configure client ID and client secret.
- Enter the client ID and secret obtained in Step 4 of the Configure OIDC Authentication Application in Okta chapter in the
Client Secretfields respectively.
- Enter the well-known URL obtained in Step 4 of the Configure OIDC Authentication Application in Okta chapter in the
Import from well-known URLfield.
Import. The fields such as
Token URLget populated.
Step 3: Copy the redirect URL.
Copy the displayed values of the
Redirect URL field in the
Redirect URI screen. This is used in next step. Click
Step 4: Add the redirect URL in the Okta application settings.
Log into Okta and navigate to the
Generaltab of your application settings. Click
- Navigate to
LOGINsection in and enter the redirect URL copied in previous step to the
Login redirect URIsfield.
- Add the value of the
call back urlto the
Initiate login URIfield. You can obtain this from the settings of your identity provider by navigating to
- Save the settings.
Note: The field
Logout redirect URIsgets automatically populated.
Step 5: Complete the SSO Setup.
Log out of the VoltConsole. The subsequent logins get serviced through Okta.