Single Sign On Using Okta
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Single Sign On Using Okta

  • Dark
    Light
  • PDF

Article Summary

Note
  • For specific plans only.
  • In order to start this process, please reach out to your CSM.

Create New Application

  1. Sign in to your Okta platform.
  2. Go to Applications -> Create App Integration

image.png

  1. Check SAML2.0 and click Next
    image.png

  2. Name your application as Rivery and click on Next
    image.png

  3. In the SAML Settings, set the following configurations:

  • Single sign on Url: The ACS url provided to you by Rivery. If you don't have one, please use the following format (Replace the EntityIDSP with a unique name provided to you by Rivery, mostly it included your account name in Rivery + SSO provider. For example: rivery-acme-okta) :
https://auth.console.rivery.io/<EntityIDSP>/?acs
  • Audience URI (SP Entity ID): A Url of the metadata provided by Rivery to Okta. If you don't have one, use the following format (Replace the EntityIDSP with a unique name provided to you by Rivery, mostly it included your account name in Rivery + SSO provider. For example: rivery-acme-okta) :
https://auth.console.rivery.io/<EntityIDSP>/metadata
  • NameID Format: Email Address
  • Application Username: Okta Username
  • Update application username on: Create and Update.
  • Default Relay State: Your rivery platform uri by region. Use the Rivery login base url you're using. For example: https://console.rivery.io or http://eu-west-1.console.rivery.io.

image.png

  1. Under the Attribute Statements set up the next settings.
    These settings are case sensitive!
NameName FormatValue
emailUnspecifieduser.email
NameIDUnspecifieduser.email
firstnameUnspecifieduser.firstName
lastnameUnspecifieduser.lastName

image.png

  1. Click on Next

  2. On the Feedback page, click on I'm an Okta customer adding an internal app in the Are you a customer or partner? and This is an internal app that we have created on the App Type.
    image.png

  3. Click Finish

Provide the details to Rivery

In order to make the handshake on Rivery's side, please provide the following details to your Rivery Account Executive.
In order to provide the details:

  1. Go to the application you've just created.
  2. Under the Sign On tab click on View Setup Instructions

image.png

  1. In the screen opened, copy the Identity Provider Single Sign-On URL, Identity Provider Issuer and the X.509 Certificate attributes, and save them aside.

image.png

Then provide the next details to your Rivery Account Executive by the next mapping:

Okta Attribute NameRivery TermExample
Identity Provider Single Sign-On URLSSO URLhttps://1234567.okta.com/app/1234567/xxxxxxxxxxx/sso/saml
Identity Provider IssuerEntityID URLhttp://www.okta.com/xxxxxxxxxxx
X.509 CertificateCertificate-----BEGIN CERTIFICATE----- .....
EntityIDEntityIDrivery-acme-okta

We use JIT Provisioning, so please also tell us what are the default permissions you'd like to set for new users (viewer / developer / admin).

If everything was configured correctly, after about 5-10 minutes since the initiation in Rivery side, you'll be able to use SSO through your Okta application gallery.


Was this article helpful?