Okta SAML 2.0 SSO Integration

Setting up Okta for AIR (Available from AIR 4.1)

  1. Sign in to the Okta Admin Dashboard.

  2. Click the “Applications” button in the left menu.

  3. Click “Create App Integration”.

    Create App Integration: Fig1

  4. Select SAML 2.0 as the sign-in method and click the “Next” button.

    Create App Integration: Fig2

  5. Name your application, upload a logo (optional), and click the “Next” button.

    Create App Integration: Fig3

  6. Enter your domain name followed by this callback at the end of the path: /api/auth/sso/okta/callback. For example: https://<your-domain-name>/api/auth/sso/okta/callback

    Create App Integration: Fig4

  7. Fill in the Attribute Statements section as follows:

    Create App Integration: Fig5

  8. On the next page, click the first option, and then click the “Finish” button.

    Create App Integration: Fig6

  9. Go to the “Profile Editor” page under the “Directory” section and click the name of the app you just created.

    Create App Integration: Fig7

  10. In the “Attributes” section, click the “Add Attribute” button.

    Create App Integration: Fig8

  11. Select “string array” as the data type.

  12. Enter a name and description for the attribute.

  13. Enter “roleTags” as the variable name.

  14. Click the “Define enumerated list of values” checkbox.

  15. Click the “Attribute required” checkbox.

    Create App Integration: Fig9

  16. Give your new role a display name and, in the “Value” field, enter the “Tag” of the role in the AIR Console that you want to map it to. For example, “global_admin”, which is the tag of the Global Admin role in the AIR Console, is used as the “Value”. Then click “Save”.

    Create App Integration: Fig10

  17. Navigate back to the “Applications” page. Click the name of the app. Then go to the “Assignments” tab.

  18. Click the “Assign to People” button under the “Assign” dropdown.

    Create App Integration: Fig11

  19. Click the “Assign” button next to the user that you want to assign.

    Create App Integration: Fig12

  20. Leave the user name field as is, select the roles of the user, and click the “Save and Go Back” button.

    Create App Integration: Fig13

  21. Go to the “Sign On” tab and click “More Details”.

    Create App Integration: Fig14

  22. Sign in to the AIR Console.

  23. Navigate to the “Settings” page, then click the “Security” section.

  24. Enable Okta by clicking the switch button.

    Create App Integration: Fig15

  25. Fill in the required fields using the values shown on the “Sign On” tab in Okta.

    Create App Integration: Fig16

  26. Click “Save settings”.

  27. The “Sign in with OKTA” button should appear on the AIR Console login page. When you click this button, you are taken to the Okta login page to authenticate. Once you are authenticated, you are redirected back to the AIR Console.

After configuring Single Sign-On (SSO), it is mandatory to retain at least one local user account. This is essential because if the SSO URL expires or any configuration changes occur on the SSO provider's side, you will need access to a local account to log into the AIR Console and update the SSO settings.

Maintaining a local user account acts as a safety net, ensuring continued access to critical administrative functions within AIR, even in scenarios where the SSO functionality is temporarily unavailable.
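A sanity check for the Okta side of the setup above, as an added example that is not part of the original documentation or of AIR: it inspects a SAMLResponse captured from a test login and reports a callback URL that does not match, or role tags that do not exist in the AIR Console. It assumes the attribute statement carries the same name as the profile variable (roleTags) and that you supply the set of valid AIR role tags; `https://air.example.com`, the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CALLBACK_PATH = "/api/auth/sso/okta/callback"  # callback path given in the steps above
ROLE_ATTR = "roleTags"  # assumption: attribute statement is named like the profile variable


def check_saml_response(b64_response, air_base_url, known_tags):
    """Return a list of configuration problems in a captured SAMLResponse.

    Diagnostic only: the signature is NOT verified, so never use this to
    authenticate anyone. Feed it responses captured from your own test login.
    """
    problems = []
    root = ET.fromstring(base64.b64decode(b64_response))
    expected = air_base_url.rstrip("/") + CALLBACK_PATH

    # The response must be addressed to the AIR callback URL.
    if root.get("Destination") != expected:
        problems.append(f"Destination {root.get('Destination')!r} != {expected!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected:
        problems.append(f"Recipient does not match {expected!r}")

    # Every role tag Okta sends should be a tag that exists in the AIR Console.
    tags = [v.text.strip()
            for a in root.iterfind(f".//saml:Attribute[@Name='{ROLE_ATTR}']", NS)
            for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if not tags:
        problems.append(f"no {ROLE_ATTR} values in the assertion")
    for tag in tags:
        if tag not in known_tags:
            problems.append(f"unknown role tag {tag!r}")
    return problems


def build_sample(recipient, tags):
    """Constructed, unsigned sample response (not captured from a real tenant)."""
    values = "".join(f"<saml:AttributeValue>{t}</saml:AttributeValue>" for t in tags)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{recipient}"><saml:Assertion><saml:Subject>'
           f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</saml:SubjectConfirmation></saml:Subject><saml:AttributeStatement>'
           f'<saml:Attribute Name="{ROLE_ATTR}">{values}</saml:Attribute>'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

An empty result means the callback URL and role tags are consistent; entering a role's display name instead of its tag in the “Value” field shows up as an unknown role tag.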
