Configuring with Okta
From your Okta's Administrative account, click on Applications from the top menu, and then click Add Application. From the left menu click on the Create New App button.
For the Platform option, select Web.
For the Sign on method, select SAML 2.0.
Then click Create.
On the next screen, we need to supply some basic information for the application.
For the App Name, provide a friendly name for the NAAservice, e.g. Access Anywhere. Optionally you can also provide an App logo that users would recognize.
Click Next.
On the SAML settings screen we want to configure the fields as follows:
- Single sign on URL - This should be the URI of your Access Anywhere server, appended by “/saml.htm”. For example “https://files.example.com/saml.htm”
- Audience URI - This should be the URI of your Access Anywhere server, e.g. “https://files.example.com”
- Default RelayState - This should be left blank
- Name ID format - Select Email Address
- Application username - Select Okta Username
Under Show Advanced Settings:
- Tick Enable Single Logout
- In Single Logout URL enter the value you entered in Audience URI
- In SP Issuer enter the value you entered in Audience URI
- From the Signature Certificate upload the Signing Certificate that can be obtained from your Access Anywhere appliance Auth System configuration screen.
Under Attribute Statements configure the mappings as follows:
- Name “email”, Name format “basic”, Value
user.email
- Name “fullname”, Name format “basic”, Value
user.firstName + " " + user.lastName
- Name “username”, Name format “basic”, Value
user.login
Under Group Attribute Statements, you will need to choose which groups need to be exposed to Access Anywhere.
A Groups Entry will need to be added with a name of “groups”. The Value is dependant on what you would like to expose to Access Anywhere. Some examples are below:
- Contains: IT - Matches groups containing the word “IT”
- Regex: “^.*$” - Matches all groups
Follow the on-screen steps to save the changes.
On the Application Details screen, under Sign On, click the View Setup Instructions button.
Configure Access Anywhere following the instructions at Configuring a SAML Auth System using the settings below:
- The Service provider entity ID - The URI entered earlier from the Audience URI field
- SSO entry point - Enter the Identity Provider Single Sign-On URL found on the Okta setup instructions screen
- The logout service endpoint - Enter the Identity Provider Single Logout URL found on the Okta setup instructions screen.
- x509 Certificate - Enter the X.509 Certificate found on the Oka setup instructions screen
Before users are able to access the Okta application, Users or Groups must be assigned the application for it to be available to them.
Your Okta setup with the Access Anywhere server is now complete.