Configure SAML for Okta

This topic describes how to configure SAML-based single sign-on (SSO) authentication for Controller access with a particular identity provider, Okta. See SAML Authentication for general information about SAML integration.

 

Configure AppDynamics SAML Settings for Okta

 

  1. As an administrator or account owner in the Controller UI, access the Authentication Provider tab in the Administration settings. See SAML Authentication for information.
  2. Select SAML as the provider.
  3. In the Login URL field, enter the SAML Login URL from your Okta configuration. The SAML Login URL is the URL to the SSO service at the identity provider. The identity provider provides this URL to the Controller.

    If you do not know your SAML Login URL, you can locate it in your Okta configuration:

    a. Log in to your Okta account.
    b. In the Applications tab, select your application.
    c. Click View Setup Instructions.
    d. The Identity Provider Single Sign-On URL setting in the Okta configuration is the URL to use for the Login URL in the AppDynamics SAML configuration.
  4. In the Logout URL field in the AppDynamics form, enter the URL to which the browser should redirect when the user logs out. This field is optional. It redirects a user who logs out to an identity provider URL instead of to the AppDynamics login screen. You might want to redirect to the Okta login URL.
  5. In the Certificate field in the AppDynamics form, paste the x.509 certificate from your Okta configuration between the BEGIN CERTIFICATE and END CERTIFICATE delimiters. Do not copy the BEGIN CERTIFICATE and END CERTIFICATE from the SAML x.509 certificate field.
    To find your x.509 certificate in your Okta configuration, follow the Setup Instructions referenced above in Step 3 and scroll down to the x.509 Certificate.
  6. In the Default Roles section in the AppDynamics form, select the roles to grant to new users of the SAML-enabled controller by checking the Member check box for the role. You can select multiple roles in the list. See Roles and Permissions for information about roles and permissions.
    The roles that you assign here will be granted to new users when they first log in to the SAML-enabled controller if those users have not been previously created directly in the Controller. Users created prior to SAML enablement retain their original roles.
    You must grant at least one default role.
  7. Click Save.

 

Configure Okta Settings for AppDynamics

In your Okta account, configure the SAML SSO for AppDynamics. 

 

  1. Log in to your Okta account.
  2. Click the Applications tab.
  3. Click Add Applications.
  4. Click Create New App.
  5. Select SAML 2.0 application.
  6. Click Create.
  7. Click General and use the wizard to configure these settings. Leave the rest at their default values.
| Setting | Value | Description |
|---|---|---|
| Single Sign On URL | https://<controller_host>:<port>/controller/saml-auth?accountName=<your_okta_account_name> | The location where the SAML assertion is sent with an HTTP POST |
| Recipient URL | https://<controller_host>:<port>/controller/saml-auth?accountName=<your_okta_account_name> | URL of the assertion consumer; use Single Sign On URL |
| Destination URL | https://<controller_host>:<port>/controller/saml-auth?accountName=<your_okta_account_name> | URL where SAML response and assertion is consumed; use Single Sign On URL |
| Audience Restriction | https://<controller_host>:<port>/controller/saml-auth?accountName=<your_okta_account_name> | The intended audience of the SAML assertion |
| Default Relay State | https://<controller_host>:<port>/controller/ | A URL in AppDynamics where the user is redirected after successful login |
| Response | Signed | |
| Assertion Signature | Signed | |
| authnContextClassRef | PasswordProtectedTransport | |
| Request Compression | Uncompressed | |

 

For URL values, replace <controller_host> and <port> with the address and primary listening port for the Controller. For a SaaS Controller, the URL would be in the form https://<your_org>.saas.appdynamics.com
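
The following is an added example, not part of the AppDynamics or Okta documentation: a Python check that a decoded SAML response captured during a test login carries the values from the table above. The controller host, port and account name are constructed placeholders, and signatures are checked for presence only, not cryptographically verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
# Constructed placeholder for the Single Sign On URL (host, port, account are assumptions).
SSO = "https://controller.example.com:8090/controller/saml-auth?accountName=customer1"

def check_response(xml_text, sso_url):
    """Return mismatches between a decoded SAML response and the table's settings."""
    root = ET.fromstring(xml_text)  # only for responses you captured from your own test login
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (missing or encrypted)"]
    problems = []
    def expect(name, actual, wanted):
        if actual != wanted:
            problems.append(f"{name}: expected {wanted!r}, got {actual!r}")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    aud = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    ctx = assertion.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS)
    expect("Destination", root.get("Destination"), sso_url)
    expect("Recipient", scd.get("Recipient") if scd is not None else None, sso_url)
    expect("Audience", aud and aud.strip(), sso_url)
    expect("authnContextClassRef", ctx and ctx.strip(), PPT)
    # Presence check only: a ds:Signature child must exist on both the Response and the Assertion.
    for name, node in (("Response", root), ("Assertion Signature", assertion)):
        if node.find("ds:Signature", NS) is None:
            problems.append(f"{name}: not signed")
    return problems

# Constructed sample response, trimmed to the elements the table configures.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" Destination="{SSO}">
 <ds:Signature/>
 <saml:Assertion>
  <ds:Signature/>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{SSO}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{SSO}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AuthnStatement><saml:AuthnContext>
   <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
 </saml:Assertion>
</samlp:Response>"""
```

An empty list from `check_response(SAMPLE, SSO)` means the response matches the Okta settings; each returned string names the table setting that differs.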
