- 2 Minutes to read
- Print
- DarkLight
- PDF
Single Sign On Using Okta
- 2 Minutes to read
- Print
- DarkLight
- PDF
- For specific plans only.
- In order to start this process, please reach out to your CSM.
Create New Application
- Sign in to your Okta platform.
- Go to Applications -> Create App Integration
Check SAML2.0 and click Next
Name your application as Rivery and click on Next
In the SAML Settings, set the following configurations:
- Single sign on Url: The ACS url provided to you by Rivery. If you don't have one, please use the following format (Replace the EntityIDSP with a unique name provided to you by Rivery, mostly it included your account name in Rivery + SSO provider. For example:
rivery-acme-okta
) :
https://auth.console.rivery.io/<EntityIDSP>/?acs
- Audience URI (SP Entity ID): A Url of the metadata provided by Rivery to Okta. If you don't have one, use the following format (Replace the EntityIDSP with a unique name provided to you by Rivery, mostly it included your account name in Rivery + SSO provider. For example:
rivery-acme-okta
) :
https://auth.console.rivery.io/<EntityIDSP>/metadata
- NameID Format: Email Address
- Application Username: Okta Username
- Update application username on: Create and Update.
- Default Relay State: Your rivery platform uri by region. Use the Rivery login base url you're using. For example:
https://console.rivery.io
orhttp://eu-west-1.console.rivery.io
.
- Under the Attribute Statements set up the next settings.
These settings are case sensitive!
Name | Name Format | Value |
---|---|---|
Unspecified | user.email | |
NameID | Unspecified | user.email |
firstname | Unspecified | user.firstName |
lastname | Unspecified | user.lastName |
Click on Next
On the Feedback page, click on I'm an Okta customer adding an internal app in the Are you a customer or partner? and This is an internal app that we have created on the App Type.
Click Finish
Provide the details to Rivery
In order to make the handshake on Rivery's side, please provide the following details to your Rivery Account Executive.
In order to provide the details:
- Go to the application you've just created.
- Under the Sign On tab click on View Setup Instructions
- In the screen opened, copy the Identity Provider Single Sign-On URL, Identity Provider Issuer and the X.509 Certificate attributes, and save them aside.
Then provide the next details to your Rivery Account Executive by the next mapping:
Okta Attribute Name | Rivery Term | Example |
---|---|---|
Identity Provider Single Sign-On URL | SSO URL | https://1234567.okta.com/app/1234567/xxxxxxxxxxx/sso/saml |
Identity Provider Issuer | EntityID URL | http://www.okta.com/xxxxxxxxxxx |
X.509 Certificate | Certificate | -----BEGIN CERTIFICATE----- ..... |
EntityID | EntityID | rivery-acme-okta |
We use JIT Provisioning, so please also tell us what are the default permissions you'd like to set for new users (viewer / developer / admin).
If everything was configured correctly, after about 5-10 minutes since the initiation in Rivery side, you'll be able to use SSO through your Okta application gallery.