Contents x
    Single sign-on Using Okta
    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Single sign-on Using Okta

    • 1 Minute to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    • SSO is only available in the Enterprise plan.
    • To manage users exclusively through SSO, please contact support and specify that you want user management to be restricted to SSO.

    Introduction

    This document provides step-by-step instructions for creating a new application in Okta and configuring it for Single Sign-On (SSO) with Rivery.

    Create New Application In Okta

    1. Log in to Okta Platform:

    2. Navigate to the Admin section.
      image.png

    3. Proceed to add an application for Single Sign-on.
      image.png

    4. Click Create New App.
      image.png

    5. SAML 2.0:
      Choose SAML 2.0 and proceed to the next step.

    image.png

    1. Name Your Application:

    Name your application as Rivery and click Next.

    image.png

    1. Configure SAML Settings:

    In the SAML Settings section, configure the following settings:

    • Single Sign-On URL (Ends with ACS):
    https://auth.[console-region].rivery.io/[account-id]_Okta_[console-region]/?acs
    • Audience URI (Ends with Metadata):
    https://auth.[console-region].rivery.io/[account-id]_Okta_[console-region]/metadata

    Please Note:

    • Make sure to remove the square brackets once you have inserted your information.

    • Your Account ID is located in the Console URL: https://console.rivery.io/home/[account-id]/563f5b17b0a105467kle07a4we5435ff4c33

    • Rivery console URLRegion
      https://console.rivery.ious-east-2
      https://eu-west-1.console.rivery.ioeu-west-1
      https://eu-central-1.console.rivery.ioeu-central-1

    • NameID Format: Email Address

    • Application Username: Okta Username

    • Update Application Username On: Create and Update

      image.png

    1. Configure Attribute Statements:

    Under Attribute Statements, configure the following case-sensitive settings:

    NameName FormatValue
    emailUnspecifieduser.email
    NameIDUnspecifieduser.email
    firstnameUnspecifieduser.firstName
    lastnameUnspecifieduser.lastName

    image.png

    IMPORTANT: This should be implemented with care:
    • user.firstName and user.lastName must be defined exactly as shown (with a capital 'N').
    • RelayState URLs: The URLs must be set exactly as shown above, including the trailing slash (/).

    1. Click Next.

    2. Feedback Page:

    On the Feedback page, select I'm an Okta customer adding an internal app and check This is an internal app that we have created as the App Type.

    1. Click Finish.

    image.png

    1. Click on "View SAML setup instructions" in the pop-up window.

    image.png

    Submit Information to Rivery

    To finalize the process, provide the following information to our Support team by submitting a Support Ticket.

    1. Identity Provider Single Sign-On URL
    2. Identity Provider Issuer
    3. X.509 Certificate.
    4. Specify the Default Role you prefer for newly introduced Rivery users upon logging in.

    image.png

    Please Note:
    After setting up SSO, the default landing URL for your Rivery console will be https://console.rivery.io/home/[account_id]/default_env, indicating that all users have access permissions to the default Environment.

    Was this article helpful?
    What's Next