Using Okta as the IdP

SAML Authentication

To integrate SAML with Okta as the IdP, you must first configure the SAML2.0 application in Okta. For information, refer to the Okta documentation.

To set the SAML groups attribute, complete the following:

Navigate to Group Attribute Statement, and set the following:

  • Set name to groups

  • Set name format to unspecified

  • Set filter to "Matches Regex .*" (or any regex you wish)

The following table lists the required parameters for a successful integration:

Parameter: Entity ID (Service Provider)
Description: The Entity ID is the audience URI for setting up the basic SAML configuration.
Usage:
  • Copy Entity ID from the SERVICE PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.
  • Enter the copied value in the Entity ID field in the SAML2.0 application in Okta.

Parameter: Assertion Consumer Service URL (Service Provider)
Description: The Assertion Consumer Service (ACS) URL tells your IdP where to send the SAML response after authenticating a user.
Usage:
  • Copy Assertion Consumer Service URL from the SERVICE PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.
  • Enter the copied value in the Single Sign-on URI field in the SAML2.0 application in Okta.

Parameter: Metadata URL (IdP)
Description: The IdP Metadata URL points to the XML file that contains the IdP information you need to set up the connection with the IdP. If you can obtain the XML file, you do not need to enter the other IdP details separately.
Usage:
  • In Okta, navigate to the SAML 2.0 application -> Sign-On, click Identity Provider Metadata, and then save the URL.
  • Enter the copied value in the Metadata URL field in the IDENTITY PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.

Parameter: Issuer (IdP)
Description: The IdP Issuer is the URL that defines the unique identifier for your SAML application.
Usage:
  • In Okta, navigate to the SAML 2.0 application -> Sign-On -> View Setup Instructions, and then copy Identity Provider Issuer.
  • Enter the copied value in the Issuer field in the IDENTITY PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.

Parameter: SSO URL (IdP)
Description: The IdP SSO URL is where the service provider redirects the user so that the IdP can authenticate and sign on the user.
Usage:
  • In Okta, navigate to the SAML 2.0 application -> Sign-On -> View Setup Instructions, and then copy Identity Provider Single Sign-On URL.
  • Enter the copied value in the SSO URL field in the IDENTITY PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.

Parameter: Signing Certificate (IdP)
Description: The IdP Signing Certificate ensures that SAML data is coming from the expected IdP. The certificate is used to sign the SAML requests, responses, and assertions that the IdP sends to relying applications.
Usage:
  • In Okta, navigate to the SAML 2.0 application -> Sign-On -> View Setup Instructions, and then save the X.509 Certificate.
  • In the IDENTITY PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal, click Select file for Signing Certificate to locate the downloaded certificate.

OpenID Connect Authentication

To integrate OpenID Connect with Okta as the IdP, you must first configure a new OpenID Connect application in Okta. For information, refer to the Okta documentation.

To configure users and groups, complete the following:

  • Navigate to Assignment and select the users/groups that are allowed to use the application.

Note

This assignment does not affect the list of groups returned by the OpenID Connect application. It only selects the users that are allowed to use the application.

To reduce the scope of returned groups, you can use the Groups Claim Regex.

The following table lists the required parameters for a successful integration:

Parameter: Login Redirect URI (Client)
Description: The Redirect URI determines where the authorization server redirects the user once the application successfully authorizes and grants an authorization code or access token.
Usage:
  • Copy Login Redirect URI from the CLIENT DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.
  • Enter the copied value in the Login Redirect URIs field in the OpenID Connect application.

Parameter: Client ID (Client)
Description: The Client ID is the identifier the client uses when logging in to the IdP.
Usage:
  • In Okta, navigate to the OpenID Connect application -> General -> Client ID, and then click Copy to clipboard.
  • Enter the copied value in the Client ID field in the CLIENT DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.

Parameter: Client Secret (Client)
Description: The Client Secret is the password the client uses when logging in to the IdP.
Usage:
  • In Okta, navigate to the OpenID Connect application -> General -> Client Secret, and then click Copy to clipboard.
  • Enter the copied value in the Client Secret field in the CLIENT DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.

Parameter: Issuer (IdP)
Description: The Issuer is the URL that defines the unique identifier for your OpenID Connect application.
Usage:
  • In Okta, navigate to the OpenID Connect application -> Sign On, and then copy Issuer.
  • Enter the copied value in the Issuer field in the IDENTITY PROVIDER DETAILS section of the Create Authentication Profile dialog on the Infoblox Portal.
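The note above points out that the Okta assignment only controls who may use the application, while the Groups Claim Regex controls which groups the relying party keeps. The following added example, which is not code from the Infoblox or Okta documentation, shows how a relying party typically applies the configured Issuer and Client ID to an ID token's claims and then narrows the groups claim with the regex. All values are placeholders, the claims are constructed, and signature verification against the IdP's keys is assumed to have already succeeded; whether the regex is matched against the whole group name (as here) or as a substring is an assumption to confirm against the product.

```python
import re
import time

# Values as entered in the Create Authentication Profile dialog (constructed placeholders).
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "0oaPLACEHOLDER"
GROUPS_CLAIM_REGEX = r"infoblox-.*"   # Groups Claim Regex: keep only matching groups

# Constructed ID-token claims. Signature verification against the IdP's JWKS is
# assumed to have happened already; these are the checks that follow it.
SAMPLE_CLAIMS = {
    "iss": ISSUER,
    "aud": CLIENT_ID,
    "sub": "00uPLACEHOLDER",
    "exp": 2_000_000_000,
    "groups": ["Everyone", "infoblox-admins", "infoblox-readonly", "finance"],
}


def accept_id_token(claims: dict, issuer: str, client_id: str,
                    groups_regex: str, now: float = None) -> list:
    """Check iss/aud/exp against the configured values and return the groups
    that survive the Groups Claim Regex. Raises ValueError on any mismatch."""
    now = time.time() if now is None else now
    # Exact string comparison: a prefix or substring match would accept a
    # look-alike issuer such as "<issuer>.attacker.example".
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch: token is not from the configured IdP")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]   # aud may be a string or a list
    if client_id not in aud:
        raise ValueError("audience mismatch: token was issued for another client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired or has no exp claim")
    # Assumption: the regex must match the whole group name, so ".*" keeps
    # every group and "infoblox-.*" keeps only the infoblox- groups.
    pattern = re.compile(groups_regex)
    return [g for g in claims.get("groups", []) if pattern.fullmatch(g)]
```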