The Okta/Illumio SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Login to your Illumio ASP.
From the navigation menu, go to: Settings > Single Sign-On Configuration:
Select SAML, then click Configure:
Click Edit, then follow the steps below:
SSO method: Select SAML.
SAML Identity Provider Certificate: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Remote Login URL: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Logout Landing URL: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Authentication Method: Select Password Protected Transport.
Force Re-authentication (OPTIONAL): Check this option to enable Force Authentication.
Issuer: Make a copy of this value.
Assertion Consumer URL: Make a copy of this value.
Click Save:
In Okta, select the Sign On tab for the Illumio app, then click Edit.
Enter the Assertion Consumer URL and Issuer values you made a copy of in step 4 into the corresponding fields.
Click Save:
Optional: Group Attribute Steps: To send groups as a part of SAML assertion, in Okta select the Sign On tab for the Illumio ASP app, then click Edit.
Select the appropriate filter from the drop-down menu, then type the preferred value into the field.
Click Save.
Note: To send all groups a user is assigned to, select Regex and type .* (dot and star sign).
The following SAML attributes are supported.
| Name | Value |
|---|---|
| Email Address | user.userName |
| User.FirstName | user.firstName |
| User.LastName | user.lastName |
| User.MemberOf | This is configured in the app UI; see Group attribute instructions (step 6) above. |
Go to [your-Issuer] URL.
Enter your username or email, then click Log In.
In Okta, select the Sign On tab for the Illumio ASP SAML app, then click Edit.
Uncheck Disable Force Authentication.
Click Save:
Check Force Re-authentication in step 4 of the Configuration Steps above