SSO JIT Provisioning OKTA - test images

In this topic:

    Configure Okta to send the groups:

    1. In OKTA, go to the Admin panel.
    2. Add a Group on OKTA.
    3. Click "Add Group".
    4. Set a name for the group (remember the name, as you will need it later).
    5. Add New Application.
    6. Create a New App.
    7. Select WEB + SAML 2.0, then click Next.
    8. Set the App name, then click Next.
    9. Set the following parameters:
      • The "Name-up-select" can be changed to any name.
      • The Name in the "GROUP ATTRIBUTE STATEMENTS" (memberOf) can be set to any name you choose.
    10. Click Next and Finish.
    11. Click on the View Setup Instructions button.
    12. Log in to Dome9 and select Account Settings.
    13. Select the SSO tab.
    14. Click Enable.
    15. Click Enable and add the following data in the relevant fields:
      • In the "Account ID" field, enter the value that you entered instead of "Name-up-select".
      • In the "Issuer" field, enter the Identity Provider Issuer from OKTA.
      • In the "Idp endpoint url" field, enter the Identity Provider Single Sign-On URL from OKTA.
      • In the "X.509 Certificate" field, enter the X.509 Certificate from OKTA.
      • Click the "Just-in-time provisioning for the account" checkbox.
      • In the "Attribute name in SAML for just-in-time role" field, add the name that you entered instead of "memberOf".
      • Click Save.
    16. Assign the group that you created in step 4 to the application.
    17. Select the Roles menu.
    18. Create a role with the same name as the name of the group that you created in OKTA.
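
An offline check of the mapping that steps 9, 15 and 18 set up, added here as an example (it is not part of the original page or Dome9's code): it reads a decoded SAML assertion, extracts the values of the group attribute, and compares them with the role names. The sample assertion, the group name `example-auditors` and exact-name matching are assumptions, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real tenant). The group
# names are placeholders chosen for this example.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xs="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue xsi:type="xs:string">example-auditors</saml:AttributeValue>
      <saml:AttributeValue xsi:type="xs:string">Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def groups_in_assertion(assertion_xml, attribute_name):
    """Return the values of the named SAML attribute, or None if it is absent."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == attribute_name:
            return [(v.text or "").strip()
                    for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return None


def check_jit_mapping(assertion_xml, attribute_name, role_names):
    """Compare the groups sent by the IdP with the role names created for JIT."""
    groups = groups_in_assertion(assertion_xml, attribute_name)
    if groups is None:
        return {"attribute_found": False, "matched": [], "unmatched": []}
    roles = set(role_names)
    return {
        "attribute_found": True,
        "matched": [g for g in groups if g in roles],      # assumed exact-name match
        "unmatched": [g for g in groups if g not in roles],
    }


if __name__ == "__main__":
    print(check_jit_mapping(SAMPLE_ASSERTION, "memberOf", ["example-auditors"]))
    # An attribute name in step 15 that differs from step 9 finds nothing:
    print(check_jit_mapping(SAMPLE_ASSERTION, "groups", ["example-auditors"]))
```

Groups reported as unmatched have no role with the same name, so only list roles you intend to grant through just-in-time provisioning.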