Okta

How to Configure SAML 2.0 for Vera

Case 1: For groups not using Group Push

  1. Copy the following IDP Metadata and save as an xml file:
     
  2. Log in to your Vera account.
  3. Navigate to the Settings page:
    [Screenshot: veradocs1.png]
  4. On the Settings page, navigate to the Internal Authentication section.

  5. Enter the following values into the corresponding fields (see screen capture at end of step for reference):
    • Authentication type: SAML
    • SAML Metadata: Click Choose file, and upload the xml file you saved in step 1.
    • Copy the following into the Login URL field: Sign into the Okta Admin Dashboard to generate this variable.
    • Copy the following into the Logout URL field: Sign into the Okta Admin Dashboard to generate this variable.
    • Email attribute: Enter user.userName
    • Groups attribute: Leave the default values.
    • Internal Domains and Users: Enter the domain name of the usernames that will be using SAML to access the account.
      For example, if the username is johnDoe@MyCompany.com, enter MyCompany.com in this field.
      Or, you can also manually enter the usernames of all the users who will be using SAML under the Users section.

      [Screenshot: veradocs2.png]
  6. Click Save in the top right corner.
    [Screenshot: veradocs3.png]
  7. Done!

Case 2: With groups using Group Push

  1. Sign into Okta and create a Template SAML 2.0 App.
  2. In the General Settings for the new Template SAML 2.0 App, enter the following values into the corresponding fields. See the inline screenshots for reference.
    • Application label: The name that will appear under the app on the Vera home page.
    • Post Back URL: https://<yourSubDomain>.vera.com/api/req/verify
    • Name ID Format: EmailAddress
    • Recipient: https://<yourSubDomain>.veradocs.com/api/auth/req/verify
    • Audience Restriction: https://<yourSubDomain>.vera.com/api/auth/req/verify
    • authnContextClassRef: PasswordProtectedTransport
    • Response: Signed
    • Assertion: Signed
    • Request: Uncompressed
    • Destination: https://<yourSubDomain>.vera.com/api/auth/req/verify
    • Default Relay State: Leave this field empty.
      [Screenshot: veradocs4.png]
    • Attribute Statements: Leave this field empty.
    • Group Name: Enter the group names that you would like to pass from Okta to Vera
    • Group filter: Enter an expression that will be used to filter groups. For example, app1.* includes all groups prefixed with the string app1. This field accepts regular expression syntax.
    • Application Visibility: Leave unchecked.
      [Screenshot: veradocs5.png]
  3. Select Save.
  4. Assign the application to a user, then click Done.
  5. Select the Applications > Sign On tab then select View Setup Instructions. Scroll down to the Configuration Data section to retrieve the data you'll need for the next step.
  6. Log in to your Vera account, and follow the instructions outlined in Case 1: For groups not using Group Push above, except use the data in the setup instructions you just opened for the values for Login URL, Logout URL, and so on.
  7. Done!

    Notes:

    SP-initiated flows and Just in Time (JIT) provisioning are supported.

    IDP-initiated flows are not supported.
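
To confirm that the Case 2, step 2 settings took effect, you can compare a base64-decoded SAMLResponse captured from a test login against them. The following is an added example, not Okta or Vera code: the function name, the sp.example.test URL and the sample response are constructed, and the check is structural only (it does not verify the signatures cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def check_response(xml_text, destination, recipient, audience):
    """List mismatches between a decoded SAML response and the step 2 settings.
    Structural check only: signatures are located, not cryptographically verified."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return ["no plaintext Assertion element"]
    def attr(path, name):   # attribute of an element under the assertion, or None
        el = a.find(path, NS)
        return None if el is None else el.get(name)
    def text(path):         # stripped text of every match under the assertion
        return [(el.text or "").strip() for el in a.findall(path, NS)]
    checks = [
        # An enveloped ds:Signature is a direct child of the element it signs.
        ("Response is not signed", root.find("ds:Signature", NS) is not None),
        ("Assertion is not signed", a.find("ds:Signature", NS) is not None),
        ("Destination mismatch", root.get("Destination") == destination),
        ("NameID format is not emailAddress",
         attr("saml:Subject/saml:NameID", "Format") == EMAIL),
        ("Recipient mismatch", attr("saml:Subject/saml:SubjectConfirmation/"
                                    "saml:SubjectConfirmationData", "Recipient") == recipient),
        ("Audience mismatch", audience in text(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience")),
        ("AuthnContextClassRef is not PasswordProtectedTransport", PPT in text(
            "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef")),
    ]
    return [msg for msg, ok in checks if not ok]

# Constructed sample; placeholder URL, signature bodies elided.
URL = "https://sp.example.test/api/auth/req/verify"
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" Destination="{URL}"><ds:Signature/>
  <saml:Assertion><ds:Signature/>
    <saml:Subject><saml:NameID Format="{EMAIL}">johnDoe@MyCompany.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{URL}"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{URL}</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
    <saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>{PPT}
      </saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
  </saml:Assertion></samlp:Response>"""
```

Pass the Destination, Recipient and Audience Restriction values you entered in step 2; an empty list means the response matches them.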