Configuring SSO with Okta
Netography Configuration
Netography’s SAML and your Identity Provider settings need to be configured in parallel. To start, log in to your Netography account as an administrator.
- Navigate to Settings > Global Security/SSO and enable SAML Single Sign-on:
- Copy the Assertion consumer service (ACS) URL in the SAML Single Sign-On Settings page that appears.. It will be needed as input into Auth0 later.
Okta Walkthrough
Screenshot dates: 4/2022
- Navigate to Applications. Click Create App Integration and choose SAML 2.0.
-
Provide the application name and logo. In the General Settings section, enter the following values into the corresponding fields:
- App name: Netography
- App logo (optional): https://netography.com/wp-content/uploads/2020/02/neto-logo-dark-400px.png
-
Lookup/Copy SAML Integration values. You will need to reference the following information from the Netography portal: Assertion Consumer Service, Entity ID, and account shortname. These values are found in the Netography Service Provider Settings section in the Essentials area in SAML Single Sign-On Settings:
-
In Okta, configure the General SAML Settings.
- Single sign on URL: Constructed using your account shortname. This URL will be the following: https://fusion.netography.com/sso/<shortname. Replace
<shortname>
with your company's identifier. This can be found in the upper right (just under your name, in red) of the Netography portal. - Use this for Recipient URL and Destination URL: uncheck
- Allow this app to request other SSO URLs: check
- Requestable SSO URLs: Paste the Assertion consumer service URL found in the Netography portal
- Recipient URL: Paste the same Assertion consumer service URL as above
- Destination URL: Paste the same Assertion consumer service URL as above
- Audience URI (SP Entity ID): Paste the Entity ID found in the Netography portal
- Single sign on URL: Constructed using your account shortname. This URL will be the following: https://fusion.netography.com/sso/<shortname. Replace
-
Configure SAML attributes.
- Fill the Attribute Statements section by completing the fields as indicated below:
- Fill the Group Attribute Statements section by completed the fields as indicated below:
!!! Note
You will need to assign users to these groups.
- Configure the application type by completing the fields as indicated below and click Finish.
- Download the metadata file. You'll need to upload this to Netography when you configure Okta as the identity provider.
Netography Post-Configuration
- Return to the Netography portal, and upload the metadata file to Netograph in the Metadata section in the Provider screen in the SAML Single Sign-On Settings page
- Click Next
- Now configure the User attribute mappers to match the mapper values configured in Auth0 above:
-
Click Next.
-
Next configure the Default user role and role mappers:
- Default user role: This is the role an IDM-authenticated user will default to if the role mappings are not found in the SAML exchange. For security purposes, we recommend setting this value to "readonly", but you may want to set this to "admin" as you are testing your configuration.
- Admin role mappers: Configure these according to the screenshot below:
- Click the Save button.
Done! Now your users can log in directly via your identity provider using a new account-specific login URL. The new SSO Login URL can now be found under the Essentials settings in the SAML Single Sign-On Settings page.
The default login will still work for your account administrator, which is not bound to your IDM.
Note: The corresponding internal account in the Netography Portal needs to be deleted first, as configuring the Okta SSO setup will show an error box will appear when a user logs in Okta if they already had an internal portal account with the same name.
Updated about 1 month ago