To use Okta as an IdP for authenticating to the Akeyless Platform, follow the steps below.
The following configuration will enable users to authenticate using Okta SAML-based Single Sign-On.
- Create a new app integration of type SAML 2.0 in your Okta account and specify the app name.
- On the SAML Settings page:
  - Set "https://auth.akeyless.io/saml/acs" in the Single sign-on URL field.
  - Set "https://auth.akeyless.io/saml/metadata" in the Audience URI (SP Entity ID) field.
  - In the Attribute Statements section, add the following attributes:
    - Name: email, Value: user.email
    - Name: user, Value: user.login
  - In the Group Attribute Statements section, add the following attribute:
    - Name: groups, Filter: Matches regex
- On the Feedback page, select "I'm an Okta customer adding an internal app" and click "Finish".
- Obtain your IdP Metadata URL by opening the Actions menu of the active "SAML Signing Certificate" and copying the URL from the View IDP Metadata button. Alternatively, obtain the IdP Metadata XML by clicking "View SAML setup instructions"; in the new tab that opens, scroll all the way down and copy the full IDP metadata XML under the Optional section.
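Before binding the metadata to Akeyless, it is worth checking that the document you copied actually contains what the SAML flow needs. The following added example (not part of the Akeyless documentation or CLI) parses an IdP metadata document and reports whether it has an entityID, an https HTTP-POST SingleSignOnService and a signing certificate that decodes to DER; the embedded metadata is a constructed sample with placeholder URLs and a DER stub in place of a real certificate.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespaces and the binding used for browser-based SSO
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, not real Okta output: placeholder entityID and SSO URL, and a
# 5-byte DER stub ("MAMCAQE=") standing in for the real signing certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/EXAMPLE_APP_ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MAMCAQE=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/EXAMPLE_APP_ID/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Sanity-check IdP metadata before binding it to Akeyless: "ok" is True only
    with an entityID, an https HTTP-POST SingleSignOnService and a signing
    X509Certificate that base64-decodes to DER."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    post_urls, cert_ok = [], False
    if idp is not None:
        for sso in idp.findall("md:SingleSignOnService", NS):
            if sso.get("Binding") == HTTP_POST:
                post_urls.append(sso.get("Location", ""))
        for kd in idp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without "use" is valid for both signing and encryption
            if kd.get("use", "signing") != "signing":
                continue
            cert = kd.find(".//ds:X509Certificate", NS)
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            except (AttributeError, ValueError):  # missing element or bad base64
                continue
            # A DER-encoded X.509 certificate always starts with a SEQUENCE tag (0x30)
            cert_ok = cert_ok or (len(der) > 0 and der[0] == 0x30)
    results = {
        "entity_id": root.get("entityID"),
        "post_sso_urls": post_urls,
        "sso_https_only": bool(post_urls) and all(u.startswith("https://") for u in post_urls),
        "signing_cert_ok": cert_ok,
    }
    results["ok"] = bool(results["entity_id"]) and results["sso_https_only"] and cert_ok
    return results
```

To check a real download, read the metadata XML from the file or URL you copied in the step above and pass its text to `check_idp_metadata`.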
Once the Okta application is ready, assign users to it, just as with any other Okta app.
To bind the Okta application to your Akeyless account, create a SAML Authentication Method using either the CLI or the UI, as described below.
Using the CLI:

```shell
akeyless create-auth-method-saml --name 'my Okta app' --idp-metadata-url 'https://dev-75.okta.com/app/exkpyd5Y112/sso/saml/metadata'
```
Using the UI, click on Auth Methods -> New -> SAML:
Enter the IdP Metadata URL obtained in step 4 above in the IDP Metadata URL field.
- Configure a new profile with the Access-ID from the previous step and the SAML access type (if no profile name is provided, the default profile is configured):

```shell
akeyless configure --access-id p-ki544e6n19gh --access-type saml --profile 'okta-app'
```
- You can now run any Akeyless CLI command and be authenticated through the Okta application:

```shell
akeyless list-items --profile okta-app
```
On the Akeyless Vault login page, switch the sign-in method to SAML and enter your SAML Access-ID:
You will be redirected to the Okta sign-in page, where you need to provide your Okta credentials.