To use Okta as an IdP for authenticating to the Akeyless Platform, follow the steps below.

Create an Okta application

The following configuration will enable users to authenticate using Okta SAML-based Single Sign-On.

  1. Create a new app integration of type SAML 2.0 in your Okta account.

Specify the app name:

  2. On the SAML Settings page:
  • In the Attribute Statements section, add the following attributes:
    • Name: email, Value: user.email
    • Name: user, Value: user.login
  • In the Group Attribute Statements section, add the following attribute:
    • Name: groups
    • Filter: Matches regex
    • Value: .*
  3. On the Feedback page, select “I'm an Okta customer adding an internal app”,
    and click “Finish”.
  4. Obtain your IdP Metadata URL by opening the Actions menu of the active "SAML Signing Certificate" and copying the URL from the View IDP Metadata button.
    Alternatively, obtain the IdP Metadata XML by clicking "View SAML setup instructions"; in the new tab that opens, scroll all the way down and copy the full IDP metadata XML under the Optional section.
  5. Once the Okta application is ready, assign users to it, just as with any other Okta app.

  6. To bind the Okta application to your Akeyless account, create a SAML Authentication Method using either the CLI or the UI, as described below.

Create SAML Authentication Method - CLI

akeyless create-auth-method-saml --name 'my Okta app' --idp-metadata-url 'https://dev-75.okta.com/app/exkpyd5Y112/sso/saml/metadata'

Create SAML Authentication Method - UI

Click on Auth Methods -> New -> SAML:


In the IDP Metadata URL field, enter the IdP Metadata URL you obtained in step 4 above.


Login with Okta - CLI

  1. Configure a new profile with the Access ID from the previous step and the SAML access type (if no profile name is provided, the default profile is configured):
akeyless configure --access-id p-ki544e6n19gh --access-type saml --profile 'okta-app'
  2. You can now run any Akeyless CLI command and be authenticated through the Okta application:
akeyless list-items --profile okta-app

Login with Okta - UI

On the Akeyless Vault login page, switch the sign-in method to SAML and enter your SAML Access ID:


You will be redirected to the Okta sign-in page, where you need to provide your Okta credentials:
