How to enable Okta for SSO

Have more questions? Submit a request
πŸ€“ Who can do this? You will need to be an admin user within Atlan to configure SSO. You will also need to work with your Okta administrator to carry out the tasks below in Okta.
🚨 Careful! SSO group mappings only trigger when a user first signs up. Please ensure you do all the configuration before onboarding any of the users. Otherwise, you will will need to remove all the users and restart the process.

To integrate Okta SSO for Atlan, complete the following steps.

Choose SSO provider (in Atlan)

To choose Okta as your SSO provider, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Under Choose SAML provider, select Okta and then click Configure.
  4. Under Service provider metadata, copy the Single sign on URL and Audience URI (SP Entity ID).

Set up SAML app (in Okta)

To set up a SAML app, within Okta's administration console:

  1. From the menu on the left, expand Applications and then click on Applications.
  2. At the top of the table, click the Create App Integration button.
  3. In the Create a new app integration dialog, select SAML 2.0 and then click Next.
  4. Under General Settings enter:
    1. For App name, enter a name for the application, such as Atlan.
    2. Click the Next button.
  5. Under SAML Settings - General enter:
    1. For Single sign on URL enter the value you copied from the field of the same name in Atlan above.
    2. Ensure Use this for Recipient URL and Destination URL is enabled.
    3. For Audience URI (SP Entity ID) enter the value you copied from the field of the same name in Atlan above.
  6. Under Attribute Statements (optional) define the following mappings from Name (Name format) on the left to Value on the right:
    1. firstName (Basic) β€”> user.firstName
    2. lastName (Basic) β€”> user.lastName
    3. email (Basic) β€”> user.email
    4. group (Basic) β€”> user.group
  7. Under Group Attribute Statements (optional) define the following mappings from Name (Name format) on the left to Filter on the right:
    • memberOf (Unspecified) β€”> Matches regex [\s\S]+
  8. At the bottom of the form, click the Next button.
  9. Under Help Okta Support understand how you configured this application select I'm an Okta customer adding an internal app and for App type enable This is an internal app that we have created.
  10. Click the Finish button.

Download Okta's metadata file (in Okta)

To download Okta's metadata file, within the Okta app's page:

  1. Open the Sign On tab.
  2. Under the SAML Signing Certificates heading, in the table, click the Actions link under the Actions column.
  3. From the drop-down, click View IdP metadata.
  4. Save the XML file, if it appears in plain text in your browser.

Assign users to the app (in Okta)

To assign users to the app, within the Okta app's page:

  1. Open the Assignments tab.
  2. At the top of the table, click the Assign button and select Assign to People.
  3. To the right of each user to whom you want to assign the application, click Assign and then Save and Go Back. Repeat this for each user to whom you want to assign the application.
  4. When finished, in the Assign Atlan to People dialog, click Done.

Upload Okta's metadata file (in Atlan)

To complete the configuration of Okta SSO, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Under Choose SAML provider, select Okta and then click Configure.
  4. To the right of Identity provider metadata click the Import from XML button.
  5. Select the XML file saved from Okta above.
  6. At the bottom of the screen, click Save.

Congratulations β€” you have successfully set up Okta SSO in Atlan! πŸŽ‰

πŸ’ͺ Did you know? By default, users can now log into Atlan with either Okta SSO or a local Atlan account (via email). To only allow logins via SSO, enable the Enforce SSO option in Atlan.
NOTE: If you've already set up your account on Atlan and you'd like to link it to your Okta account after this integration, please follow the following steps:
  • Logout from Atlan
  • Login to Atlan with Okta
  • You'll receive a verification mail to link your Atlan account with the Okta account
  • Confirm Account linking in the mail

(Optional) Configure group mappings

To automatically assign Okta users to Atlan groups based on their Okta groups, within Atlan:

  1. From the left menu on any screen, navigate to Admin.
  2. Under the Workspace heading, click SSO.
  3. Change to the Groups Mapping tab.
  4. To the right of each Atlan group listed:
    1. Under the SSO Groups column enter the name of the group in Okta to map to the Atlan group on that row.
    2. Click the Save button on that row.

As each user signs up to Atlan, they will be automatically assigned groups in Atlan based on these mappings! πŸŽ‰

Related articles

Was this article helpful?
1 out of 1 found this helpful