Kb-Sync

Applies To


Product(s): Archer
Version(s): All Versions
Primary Deployment: On Premises

Description


This article explains how to set up SAML 2.0 using Okta as the Identity Provider.

Cause


Instructions needed for setting up SAML 2.0 using Okta as the Identity Provider.

Resolution


Pre-Requisites:
  • An On-Prem Archer Installation.
  • Okta set up.
How To Perform Setup:
Okta Configuration:
1. Log in to your Okta account.
2. The Home Page will open.
3. Navigate to Admin > Dashboard.
4. From the Shortcuts menu, click on Add Applications. The Add Applications window opens.
5. Click on Create New App. The Create a New Application Integration dialog is displayed. In the Sign on method field, select SAML 2.0 and click Create.
6. The Create SAML Integration window is displayed and opens at the General Settings tab. In the App Name field, enter a name and click Next.
7. The Configure SAML tab is displayed.
  a. Enter the Archer SAML URL into the Single sign on URL field, e.g. Base URL/Saml.aspx
  b. Enter an identifier name into the Audience URI (SP Entity ID) field.
  c. Under Attribute Statement, add the attributes below:
    i. Name - FirstName
       Value - user.firstName
    ii. Name - LastName
        Value - user.lastName
8. Click on Next. The Feedback tab is displayed.
  a. Select 'I'm an Okta customer adding an internal app' under Are you a customer or partner?
  b. Select 'This is an internal app that we have created' under App type.
9. Click on Finish.
10. Navigate to Directory > People and click on Add Person. The Add Person dialog box is displayed.
11. Enter First Name, Last Name and Username, select Set by admin under Password and set a password. Then click on Save.
12. Navigate to Applications. Select the application created above and click on the Assignments tab.
13. Click on Assign, then Assign to People. Click on Assign next to the user and click on Done.
14. Under the application created above, click on the Sign On tab.
15. Under Settings > Sign On Methods, click on View Setup Instructions. The How to Configure SAML 2.0 for <Application name created above> Application page opens.
16. Under the Optional section, the IDP Metadata is shown. Copy this and save the contents as an XML file.
17. Copy this metadata file to the Archer environment.
 

Archer Configuration:
1. In Archer Control Panel, open the instance for which SSO has to be configured.
2. In the Single Sign-On tab, select SAML for Single Sign-On Mode.
3. In Instance Entity ID, enter the value provided in the Audience URI (SP Entity ID) field of the SAML configuration in Okta.
4. In the Archer environment, search for Manage Computer Certificates. The certlm window opens. In that window, navigate to Personal > Certificates and double-click the Archer Configuration certificate. The certificate window opens. Click on the Details tab, scroll to Thumbprint and copy that value into the Certificate Thumbprint field in the Archer Control Panel.

5. Under Identity Providers, enter some name for Realm and Display Name. For IDP Metadata select the Metadata file copied from Okta to Archer environment.
6. Select Enable User Provisioning and Enable User Update.
7. Enter some value for Default First Name, Default Last Name and Default User Role.
8. Click on + next to the Identity Provider and then Save All the ACP changes.

Notes


For Group Update ACP Config:
1. Create a group in Okta - Navigate to Directory > Group and click on Add Group. Provide a group name (e.g. ArcherGroup) and a description, then click on Add Group.
2. Assign the group to a user - Click on the created group (ArcherGroup) > Manage People > select the user and click on Save.
3. Mapping Group -
  a. Navigate to Applications > select your Application (Archer)
  b. Under the General tab, edit SAML settings and click on Next
  c. Under Group Attribute Statements, add the attributes below:
   i. Name - Group
      Name Format - Unspecified
      Filter - Contains: Group
  d. Click on Next > Finish.

Last update: 2024-10-10 10:13 AM