Configuring Single Sign On for FedRAMP

    Single sign on is supported using SAML 2.0 authentication. Instead of relying on local authentication for passwords and security policies, users may set their own authentication using a managed Identity Provider.

     

    Preparing Okta for Integration with Own

    1. Open Okta.
    2. Navigate to the Applications page.
    3. Click Create App Integration.
    4. Select SAML 2.0 and click Next.
    5. Enter an App name, change the App logo if desired, and click Next.
    6. In the SAML Settings window, enter the following information and click Next:
      • Single sign-on URL: https://us2.ogc-ownbackup.com/saml/consume
      • Audience URI (SP Entity ID): https://sso-us2.ogc-ownbackup.com
      • Name ID format: Select EmailAddress from the drop-down list.
      • Application username: Select Email from the drop-down list.

    7. Select the Feedback option that applies and click Finish. The newly created app is automatically displayed.
    8. Select the Assignments tab and assign users to the application.
    9. Select the Sign On tab to view the SAML 2.0 connection information required for enabling single sign on. On the right of the page, click View SAML setup instructions.
    10. A configure page opens. Download the X.509 Certificate and copy the Identity Provider Issuer.
    11. Test the new app by using the Identity Provider Single Sign-On URL and move on to enabling single sign on.
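
    As an added example (not part of Own's or Okta's documentation), the Python below checks a base64-decoded SAML response captured during the test step above against the SAML Settings values entered in Okta. The sample response and the ISSUER value are constructed, and the check does not verify the XML signature, so it confirms configuration only.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the SAML Settings step above.
ACS_URL = "https://us2.ogc-ownbackup.com/saml/consume"
AUDIENCE = "https://sso-us2.ogc-ownbackup.com"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Constructed placeholder; use the Identity Provider Issuer copied from Okta.
ISSUER = "http://idp.example/placeholder-issuer"

# Constructed, unsigned sample response (already base64-decoded).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS_URL}">
 <a:Assertion>
  <a:Issuer>{ISSUER}</a:Issuer>
  <a:Subject>
   <a:NameID Format="{EMAIL_FORMAT}">user@example.com</a:NameID>
   <a:SubjectConfirmation>
    <a:SubjectConfirmationData Recipient="{ACS_URL}"/>
   </a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions>
   <a:AudienceRestriction><a:Audience>{AUDIENCE}</a:Audience></a:AudienceRestriction>
  </a:Conditions>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, issuer=ISSUER):
    """Return the names of fields that disagree with the configured settings."""
    root = ET.fromstring(xml_text)
    asr = root.find("a:Assertion", NS)
    if asr is None:
        return ["assertion"]  # missing, or sent as an EncryptedAssertion
    def attr(path, name):
        el = asr.find(path, NS)
        return el.get(name) if el is not None else None
    audiences = [(e.text or "").strip() for e in
                 asr.iterfind("a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    checks = {
        "destination": root.get("Destination") == ACS_URL,
        "issuer": (asr.findtext("a:Issuer", "", NS) or "").strip() == issuer,
        "name_id_format": attr("a:Subject/a:NameID", "Format") == EMAIL_FORMAT,
        "recipient": attr("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData",
                          "Recipient") == ACS_URL,
        "audience": AUDIENCE in audiences,
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    print(check_response(SAMPLE))
    # Common mistake: the single sign-on URL pasted into the Audience URI field.
    print(check_response(SAMPLE.replace(f">{AUDIENCE}<", f">{ACS_URL}<")))
```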

     

    Enabling Single Sign On

    1. Log in to the Own Data Platform.
    2. Navigate to the Account Options menu and click Account Settings.
    3. On the Account Settings page, select the Security tab.
    4. Select Single Sign On (SSO) and enter the following information:
      • Identity Provider name: Provide a name for the single sign on provider.
      • SAML issuer: Enter the Okta Identity Provider Issuer.
      • Certificate fingerprint: Ensure the downloaded certificate has a .pem file extension and click Upload certificate... to add the certificate.
      • Logout URL: Provide the URL for a webpage to display after logging out.
    5. Click Save Changes to enable single sign on and complete the process.