Okta SAML Connector for Platform9

Platform9 supports Single Sign On with Okta. This tutorial describes the procedure for configuring Platform9 as Okta application. Once the application is configured, you can follow these steps to grant your Okta users access to the Platform9 cloud.

Step 1: Create a New SAML Connector

After logging in as admin, search for “Template SAML 2.0 App”. This app is deprecated by Okta, however it works with Platform9.

Step 2: Configure SAML Connector

Give your application connector a suitable label as shown below —

Okta connector for SAML 2.0 Apps

Step 3: Configure Okta Connection Settings

  1. Post Back URL: Set it to https://<Account FQDN>/Shibboleth.sso/SAML2/POST
  2. Name ID Format: Leave it as is.
  3. Recipient: Set it to https://<Account FQDN>/Shibboleth.sso/SAML2/POST
  4. Audience Restriction: Set it to https://<Account FQDN>/keystone
  5. authnContextClassRef: Leave it as is.
  6. Response: Leave it as is.
  7. Assertion: Leave it as is.
  8. Request: Leave it as is.
  9. Destination: Set it to https://<Account FQDN>/Shibboleth.sso/SAML2/POST
  10. Default Relay State: Set it to https://<Account FQDN>/clarity/#/signin/sso
  11. Attribute Statements: Configure as needed. These are the attributes which show up as part of SAML assertion posted to the Platform9 environment. They can be used to create mappings in OpenStack. These mappings provide a way to associate Okta users to resources in OpenStack. At a minimum, the attributes FirstName and LastName of the user are needed.

Okta Connector Configuration for OpenStack

That is it! Once you grant permissions to Okta users as described here, they can start using Platform9 based OpenStack cloud right away.

The browser you are using is outdated. For the best experience please download or update your browser to one of the following:

GigaOM’s Radar report for Managed KubernetesRead Now