Use Okta SSO
Okta is one of the SSO providers and it is an SaaS-based service that acts as a centralized authentication platform for different applications. When configured with Okta, the Incorta Direct Data Platform sends a request to Okta for authentication when a user tries to sign in. If Okta authenticates this user, it sends a SAML response containing the user's identity (i.e. user ID) for the Incorta Direct Data Platform to in turn, provide the user with access.
In order to set up users for Okta SSO authentication, you need:
- Incorta Direct Data Platform Super User account.
- Okta Admin account.
- Incorta Direct Data Platform installed and running.
- Directory sync configured.
- Load balancer that can access Incorta.
Configure Okta to Use Incorta
Create an application in Okta for each Incorta Direct Data Platform tenant:
- Log in to the Okta Administration Console
- On the Applications tab, select Add Applications.
- Create a new application and register Incorta.
- Generate a property file. Save the file in the
<IncortaNode>/sso
directory. - Ensure that the single sign-on URL and other URL fields are your Incorta URL followed by
/!tenant_name/
. You must end the URL with the forward slash (/). For example:http://host/incorta/!tenant2/
- Set Name ID Format to EmailAddress.
- Ensure that the
loginName
attribute matches theloginName
used in your directory sync. - Select Sign-in, then Identity Provider metadata to download the configuration file.
Edit the Okta Configuration File
A sample file can be found in the same location as the readme file to be used as a reference of how the configuration file should look like after editing. The readme file location is: <Incorta_Home>/sso
.
Make the following changes in the configuration file:
- Wrap the
<md>
tag with the tags:<configuration>
,<applications>
, and<application>
. - Add
<default>OKTA_APP_URL</default>
directly under the tag<configuration>
, whereOKTA_APP_URL
is the same asentityID
. - Save the file.
Create a user in Okta
Use the following steps to create a user in Okta;
- Navigate to the Okta admin page.
- From the Directory tab, choose People.
- Select Add Person.
- Add the user information.
- Select Send user activation email now and select Add Person to send the user an activation email and set their password.
Assign an application to a user
Use the following steps to assign an application to a user.
- Navigate to the Okta admin page.
- From the Applications tab, select Applications.
- Select the applications to assign to the user from the Applications table.
- Select Assign Application.
- Select a user.
- Select Next and confirm.
Creating an Incorta Direct Data Platform User in Okta
- Create a user in the Incorta Direct Data Platform with the same username as the email address used to create the account in Okta. If the user email is not the same, the Incorta Direct Data Platform will not recognize the user and thus will not grant access to that user.
- To enable SSO login using the Tenant Management Tool (TMT) command, run the following command from the directory
<Incorta_Home>/tmt
:./tmt.sh -u <tenant_name> sso-login-enable true
. - Edit the file
<Incorta_Home>/server/conf/server.xml
. Before the<Host>
tag, add:<Valve className="com.incorta.sso.valves.OktaValve"
confFilesMap= "<TENANT_NAME>=<IncortaNode>/sso/<property-file-name>"
LoggingEnabled="true"/>
. - Restart the Incorta Analytics Service using the
./stopService.sh
and./startService.sh
commands.