Single sign-on Using Okta
  • 1 Minute to read
  • Dark
    Light
  • PDF

Single sign-on Using Okta

  • Dark
    Light
  • PDF

Article summary

  • SSO is only available in the Enterprise plan.
  • To manage users exclusively through SSO, please contact support and specify that you want user management to be restricted to SSO.

Introduction

This document provides step-by-step instructions for creating a new application in Okta and configuring it for Single Sign-On (SSO) with Rivery.

Create New Application In Okta

  1. Log in to Okta Platform:

  2. Navigate to the Admin section.
    image.png

  3. Proceed to add an application for Single Sign-on.
    image.png

  4. Click Create New App.
    image.png

  5. SAML 2.0:
    Choose SAML 2.0 and proceed to the next step.

image.png

  1. Name Your Application:

Name your application as Rivery and click Next.

image.png

  1. Configure SAML Settings:

In the SAML Settings section, configure the following settings:

  • Single Sign-On URL (Ends with ACS):
https://auth.[console-region].rivery.io/[account-id]_Okta_[console-region]/?acs
  • Audience URI (Ends with Metadata):
https://auth.[console-region].rivery.io/[account-id]_Okta_[console-region]/metadata

Please Note:

  • Make sure to remove the square brackets once you have inserted your information.

  • Your Account ID is located in the Console URL: https://console.rivery.io/home/[account-id]/563f5b17b0a105467kle07a4we5435ff4c33

  • Rivery console URLRegion
    https://console.rivery.ious-east-2
    https://eu-west-1.console.rivery.ioeu-west-1
    https://eu-central-1.console.rivery.ioeu-central-1
  • NameID Format: Email Address

  • Application Username: Okta Username

  • Update Application Username On: Create and Update

    image.png

  1. Configure Attribute Statements:

Under Attribute Statements, configure the following case-sensitive settings:

NameName FormatValue
emailUnspecifieduser.email
NameIDUnspecifieduser.email
firstnameUnspecifieduser.firstName
lastnameUnspecifieduser.lastName

image.png

IMPORTANT: This should be implemented with care:
  • user.firstName and user.lastName must be defined exactly as shown (with a capital 'N').
  • RelayState URLs: The URLs must be set exactly as shown above, including the trailing slash (/).
  1. Click Next.

  2. Feedback Page:

On the Feedback page, select I'm an Okta customer adding an internal app and check This is an internal app that we have created as the App Type.

  1. Click Finish.

image.png

  1. Click on "View SAML setup instructions" in the pop-up window.

image.png

Submit Information to Rivery

To finalize the process, provide the following information to our Support team by submitting a Support Ticket.

  1. Identity Provider Single Sign-On URL
  2. Identity Provider Issuer
  3. X.509 Certificate.
  4. Specify the Default Role you prefer for newly introduced Rivery users upon logging in.

image.png

Please Note:
After setting up SSO, the default landing URL for your Rivery console will be https://console.rivery.io/home/[account_id]/default_env, indicating that all users have access permissions to the default Environment.


Was this article helpful?

What's Next