Link your Identity Provider - Okta

Learn how to integrate your company's Okta implementation for federated login access into Stax


Stax integrates with your corporate identity using SAML. This allows you to bring your own identities and identity management controls to the Stax platform. Okta is a cloud identity platform that works well with Stax.

Before You Begin

  • Estimated time to complete: 1 hour
  • You need to be a member of the Admin role in your Stax tenancy to complete this task
  • You need permissions to administer the Okta environment

Prepare the SAML URIs

First, you'll need to determine some URIs. If you're not sure how to get these, simply raise a case in the Stax Console and we'll help you out.

Your <customer-alias> is the alias you enter at the Stax Console login page, shown here. In the example below, it is mega-corp.

Customer Alias

Your <installation-id> can be found by reviewing the URL of the login page after you enter your customer alias, as shown here. It's between your customer alias and staxapp.cloud in the URL. Below, it is au1.

Installation ID

Once you've determined your <customer-alias> and <installation-id>, you can form the URIs required for SAML setup:

Prepare the Okta Groups

Stax has three roles: admin, user, and readonly. You can use Okta to specify these roles at login time. For this purpose, you'll need to create and populate three groups. You can create these groups in your on-premises directory or natively within Okta.

In the examples below, we'll use the following three group names:

  • Stax Admins
  • Stax Users
  • Stax Read Only Users

See Stax Roles - Stax Permissions for more information on Stax roles.

Configure Okta

Once you've prepared the URIs and groups, you can configure Okta.

  1. Log into the Okta Admin console. Choose Applications from the top nav bar to open the Applications page

    Applications

  2. Click Add Application then Create New App to open the Create a New Application Integration dialog. Select Web in the Platform drop-down list, and SAML 2.0 as the Sign on method, then click Create

    Create a New Application Integration

  3. On the General Settings page, give the app a name such as Stax, then click Next

    General Settings

  4. On the Configure SAML page, complete the SAML configuration for the new application:

    | Parameter | Value | Example |
    |---|---|---|
    | General | | |
    | Single sign on URL | The SAML 2.0 Service URL you determined earlier | https://id.security.mega-corp.au1.staxapp.cloud/auth/realms/master/broker/okta/endpoint |
    | Use this for Recipient URL and Destination URL | Checked | |
    | Allow this app to request other SSO URLs | Unchecked | |
    | Audience URI (SP Entity ID) | The entity ID you determined earlier | https://id.security.mega-corp.au1.staxapp.cloud/auth/realms/master |
    | Default RelayState | (blank) | |
    | Name ID format | Persistent | |
    | Application username | Email | |
    | Update application username on | Create and update | |
    | Attribute Statements | | |
    | (1) Name | emailaddress | |
    | (1) Name format | Unspecified | |
    | (1) Value | user.email | |
    | (2) Name | firstName | |
    | (2) Name format | Unspecified | |
    | (2) Value | user.firstName | |
    | (3) Name | lastName | |
    | (3) Name format | Unspecified | |
    | (3) Value | user.lastName | |

    SAML Settings

  5. Click Next to open the Feedback page, which you may complete, then click Finish

  6. Next, you need to configure Okta to send the user's Stax Role across to Stax. From the top nav bar's Directory menu, choose Profile Editor to open the Profile Editor page.

    SAML Settings

  7. Choose Profile next to Stax User to edit the profile settings for the new application

    User Profile

  8. On the Profile Editor page, under Attributes, choose + Add Attribute to open the Add Attribute dialog

    Add Attribute

  9. Enter the following values to create the JumaRole attribute:

    | Parameter | Value |
    |---|---|
    | Data type | string |
    | Display Name | Stax Role |
    | Variable Name | JumaRole |
    | Description | Role to send to Stax |
    | Enum | checked |
    | Attribute members | |
    | (1) Display Name | Admin |
    | (1) Value | customer_admin |
    | (2) Display Name | User |
    | (2) Value | customer_user |
    | (3) Display Name | Read Only |
    | (3) Value | customer_readonly |
    | Attribute length | Between |
    | min | (blank) |
    | max | (blank) |
    | Attribute required | Yes |
    | Scope | unchecked |

    Choose Save to complete adding the attribute

    JumaRole attribute

  10. Next, you need to assign the role to your three user groups. From the top nav bar, on the Applications menu, open Applications and choose Stax from the list. Choose the Assignments tab. Click Assign and then Assign to Groups to open the Assign Stax to Groups dialog

    JumaRole attribute

  11. Find the three Stax groups you created in the list. Next to each, click Assign and choose the appropriate level of permissions for the group

    Assign Stax to Groups

    Assign Role to Group

    Once you have assigned all the appropriate group/role relationships, choose Done to close the dialog

  12. Finally, download your Okta metadata to provide to us. To get this, from the Applications menu, choose Applications. Open the Stax application configuration and choose the Sign On tab. Click the Identity Provider metadata link to download the metadata file and save it for later

    Download IdP Metadata

Configure Stax to allow Okta Sign-In

When you're ready to have Stax configured, you simply need to supply us with your Okta metadata, and we'll do the rest for you.

How Do You Know This Worked?

Next time you navigate to your Stax Console login page, on the right-hand side, you'll see a new Corporate ID button. Clicking this button will take you to your Okta sign-in page. Log in on the Okta page and you'll be signed into your Stax tenancy.

Choose Your Login Provider
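If sign-in fails or a user lands with the wrong role, one way to check a decoded test assertion against the SAML settings and role values configured above (an added example, not Stax or Okta code). It assumes the host pattern generalises from the mega-corp / au1 example values and that the role arrives as an attribute named JumaRole; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED_ATTRS = ("emailaddress", "firstName", "lastName")   # step 4
STAX_ROLES = {"customer_admin", "customer_user", "customer_readonly"}  # step 9

def expected_uris(alias, installation_id):
    # Assumption: pattern generalised from the page's mega-corp / au1 example values.
    entity_id = f"https://id.security.{alias}.{installation_id}.staxapp.cloud/auth/realms/master"
    return entity_id, entity_id + "/broker/okta/endpoint"

def check_assertion(xml_text, alias, installation_id, role_attr="JumaRole"):
    """List mismatches between a decoded assertion and the settings above.
    Structure only: the XML signature is NOT verified here."""
    entity_id, acs_url = expected_uris(alias, installation_id)
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != entity_id:
        problems.append(f"Audience {audience!r} != {entity_id!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the single sign on URL")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not Persistent")
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iter(f"{{{SAML}}}Attribute")}
    for name in REQUIRED_ATTRS:
        if not any(attrs.get(name, [])):
            problems.append(f"missing attribute {name}")
    roles = attrs.get(role_attr, [])
    if len(roles) != 1 or roles[0] not in STAX_ROLES:
        problems.append(f"{role_attr} must be one Stax role value, got {roles}")
    return problems

def sample_assertion(audience, recipient, role):
    # Constructed, unsigned sample for this example; not output captured from Okta.
    attrs = {"emailaddress": "alex@example.com", "firstName": "Alex",
             "lastName": "Doe", "JumaRole": role}
    attr_xml = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                       f'</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{SAML}"><saml:Subject>'
            f'<saml:NameID Format="{PERSISTENT}">constructed-id</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion>')
```

Run it only on assertions you captured yourself while testing; an empty list means the structure matches the configuration, not that the assertion is authentic.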

See also