Okta

How to Configure SAML 2.0 for Luminate Secure Access Cloud

This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.


Read this before you enable SAML

Luminate Secure Access Cloud™ securely connects any user from any device, anywhere in the world to corporate resources hosted on-premises or in the cloud.

To configure and enforce access policies for Okta-based identities on applications, Luminate uses Okta's API to get users and groups from Okta (during policy assignment and calculation).


Supported Features

The Okta/Luminate Secure Access Cloud SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. In Okta, navigate to Admin > Security > API > Tokens.

  2. Click Create Token:

    luminate1.png

  3. Enter a name for the token then click Create Token:

    luminate2.png

  4. Make a note of the Token value.

  5. Click OK, got it:

    luminate3.png

  6. Log in to the Luminate Secure Access Cloud Admin Portal interface as an administrator.

  7. Navigate to Directory > Identity Providers.

  8. Click Add Identity Provider.

  9. Select the Okta option.

    luminate4.png

  10. The Create New Okta Identity Provider form opens. Enter the following:

    • Name: Enter Okta.

    • Okta Organization: Enter your Okta subdomain, then select your Okta domain from the dropdown list.

      For example, if you log into https://acme.okta.com/, your Okta Organization value is acme and your Okta domain is okta.com.

    • API Token: Enter your Token value from step 4.

    • Identity Provider Single Sign-On URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • X.509 Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Domain Aliases: Enter a required domain alias.

      For example, if your Okta email address is john.smith@acme.com, your Domain Alias is acme.com.

    • Click Save.

    luminate5.png

  11. Click the Instructions icon:

    luminate6.png

  12. Make a note of the Single sign on URL and Audience URI (SP Entity ID) values:

    luminate7.png

  13. In Okta, select the Sign On tab for the Luminate Secure Access Cloud SAML app, then click Edit.

    • Scroll down to the ADVANCED SIGN-ON SETTINGS section.

    • Enter the Single sign on URL and Audience URI (SP Entity ID) values (step 12) into the corresponding fields.

    • Click Save.

    luminate8.png

  14. Done!
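The Okta Organization, Okta domain and Domain Aliases values from step 10 can be derived and sanity-checked before they are typed into the form. The following is an added example, not code from Okta or Luminate; the function names, the `OKTA_DOMAINS` list and the handling of a `-admin` admin-console host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: Okta-hosted domains to accept; not exhaustive, extend for your tenant.
OKTA_DOMAINS = ("okta.com", "oktapreview.com", "okta-emea.com")


def okta_org_fields(login_url):
    """Split an Okta login URL into (Okta Organization, Okta domain)."""
    parts = urlsplit(login_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// Okta login URL")
    host = parts.hostname.lower()
    for domain in OKTA_DOMAINS:
        # Match on a full label boundary so acme.okta.com.example.net is rejected.
        if host.endswith("." + domain):
            org = host[: -len(domain) - 1]
            break
    else:
        raise ValueError(f"{host} is not under a known Okta domain")
    # Assumption: a host ending in -admin is the admin console URL copied by
    # mistake (<org>-admin.<domain>); the form wants the plain <org> value.
    if org.endswith("-admin"):
        org = org[: -len("-admin")]
    if not org or "." in org:
        raise ValueError(f"unexpected Okta subdomain in {host}")
    return org, domain


def domain_alias(email):
    """Return the Domain Aliases value for an Okta email address."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        raise ValueError(f"not an email address: {email!r}")
    return domain.lower()


def provider_form(login_url, email):
    """Collect the derived step 10 values; token and certificate are not handled here."""
    org, domain = okta_org_fields(login_url)
    return {"Name": "Okta", "Okta Organization": org,
            "Okta domain": domain, "Domain Aliases": domain_alias(email)}


if __name__ == "__main__":
    # Constructed sample input, taken from the examples in step 10.
    print(provider_form("https://acme.okta.com/", "john.smith@acme.com"))
```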


Notes

The following SAML attributes are supported:

SP-initiated SSO

  1. Open your Luminate Secure Access Cloud login URL.

  2. Enter your email address into the corresponding field.

  3. Click the submit (>) button.

  4. luminate9.png