This topic describes how to configure SAML-based single sign-on (SSO) authentication for Controller access with a particular identity provider, Okta. See SAML Authentication for general information about SAML integration.
How do I configure AppDynamics SAML settings for Okta?
- As an administrator or account owner in the Controller UI, access the Authentication Provider tab in the Administration settings. See SAML Authentication for information.
- Select SAML as the provider.
- In the Login URL field, enter the SAML Login URL from your Okta configuration. The SAML Login URL is the URL to the SSO service at the identity provider. The identity provider provides this URL to the Controller.
If you don't know your SAML Login URL, you can locate it in your Okta configuration:
a. Log in to your Okta account.
b. In the Applications tab, select your application.
c. Click View Setup Instructions.
d. The Identity Provider Single Sign-On URL setting in the Okta configuration is the URL to use for the Login URL in the AppDynamics SAML configuration.
- In the Logout URL field in the AppDynamics form, enter the URL to which the browser should redirect when the user logs out. This field is optional. It is used to redirect a user who logs out to an identity provider URL instead of to the AppDynamics login screen. You might want to redirect to the Okta login url.
- In the Certificate field in the AppDynamics form, paste the x.509 certificate from your Okta configuration between the BEGIN CERTIFICATE and END CERTIFICATE delimiters. Do not copy the BEGIN CERTIFICATE and END CERTIFICATE from the SAML x.509 certificate field.
To find your x.509 certificate in your Okta configuration, follow the Setup Instructions referenced above in Step 3. and scroll down to the x.509 Certificate.
- In the Default Roles section in the AppDynamics form, select the roles to grant to new users of the SAML-enabled controller by checking the Member checkbox for the role. You can select multiple roles within the list. See Roles and Permissions for information about roles and permissions.
The roles that you assign here will be granted to new users when they first log in to the SAML-enabled controller if those users have not been previously created directly in the Controller. Users created prior to SAML enablement retain their original roles.
You must grant at least one default role.
- Click Save.
Configure Okta Settings for AppDynamics
In your Okta account, configure the SAML SSO for AppDynamics.
- Log in to your Okta account.
- Click the Applications tab.
- Click Add Applications.
- Click Create New App.
- Select SAML 2.0 application.
- Click Create.
- Click General and use the wizard to configure these settings. Leave the rest at their default values.
|Single Sign On URL
||The location where the SAML assertion is sent with an HTTP POST
||URL of the assertion consumer; use Single Sign On URL
||URL where SAML response and assertion is consumed; use Single Sign On URL
||The intended audience of the SAML assertion
|Default Relay State
||A URL in AppDynamics where the user is redirected after successful login
For URL values, replace <controller_host> and <port> with the address and primary listening port for the Controller. For a SaaS Controller, the URL would be in the form