Configure SAML with Okta

Last modified: Thursday February 16, 2023.

Configure Okta as your SAML IdP for Alta Video.

Task — Create custom Okta attributes

  1. Log in to the Okta Admin Console.
  2. From within Okta, create a custom Okta user profile attribute. (See: https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-add-custom-user-attributes.htm.)

    This custom attribute should be named appropriately, for example aware_user_group.

    Creating this custom attribute as an enumeration of the names of the user groups within the Aware system allows for easier selection of the correct group later.

  3. For each user requiring access via SAML, set the value of the custom attribute to the NAME of the Aware User Group they should be placed in for your Aware deployment (from Directory > People > <user> > Profile).

Task — Configure Okta IdP

  1. Log in to the Okta Admin Console.
  2. In Applications > Applications, click Create App Integration.
  3. Select SAML 2.0.
  4. Click Next.
  5. In Create SAML Integration > General Settings > App name, type Aware Cloud.
  6. Click Next.
  7. In Configure SAML > SAML Settings > Single sign-on URL, paste the ACS URL you obtained from Alta Video Cloud.
  8. In Audience URI (SP Entity ID), paste the Entity ID you obtained from Alta Video Cloud.
  9. To obtain user group information from SAML, configure the following attributes under Attribute statements:
    1. To configure the AvaAwareEmail name attribute:
      1. In the Name field, type AvaAwareEmail.
      2. In the corresponding Value menu, select user.email (leaving Name format set to Unspecified).
    2. To configure the AvaAwareUsername name attribute:

      This username will be used in the Aware system. It can be the user's email address or any other suitable unique identifier.

      1. Click Add Another.
      2. In the Name field, type AvaAwareUsername.
      3. In the corresponding Value menu, select user.email or your preferred login name attribute.
    3. (Optional) To configure the AvaAwareUserGroup name attribute:
      1. Click Add Another.
      2. In the Name field, type AvaAwareUserGroup.
      3. In the corresponding Value menu, select user.aware_user_group. The attribute value must correspond to at least one role in Alta Video Cloud.

        This mapping must be to a valid Alta Video Cloud User group.

      [Figure: Okta General Settings]

  10. Click Next.
  11. Click Finish.
  12. In the Sign on methods panel, click Identity Provider metadata.
    The metadata appears in your browser.
  13. Right-click the browser pane, and select Save as to create the IdP metadata file.
  14. Return to the task in Configure Alta Video to enable SAML single sign-on.
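
Before enabling SAML for all users, it helps to confirm that an assertion from a test login carries the attribute statements configured above and targets the right Entity ID and ACS URL. The following Python check is an added example, not code from Okta or Alta Video. The URLs, user and group names are constructed placeholders, and exact (case-sensitive) group-name matching is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("AvaAwareEmail", "AvaAwareUsername")  # attribute names from the steps above
GROUP = "AvaAwareUserGroup"                        # optional attribute

def check_assertion(xml_text, entity_id, acs_url, valid_groups):
    """Return a list of configuration problems; an empty list means none found.
    Configuration check only: the XML signature is NOT verified here."""
    root = ET.fromstring(xml_text)
    attrs = {
        a.get("Name"): [(v.text or "").strip()
                        for v in a.iterfind("saml:AttributeValue", NS)]
        for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)
    }
    problems = [f"missing or empty attribute {n}"
                for n in REQUIRED if not any(attrs.get(n, []))]
    if GROUP in attrs:
        # Assumption: the value must equal a group name exactly (case included).
        unknown = [g for g in attrs[GROUP] if g not in valid_groups]
        if unknown or not attrs[GROUP]:
            problems.append(f"{GROUP} has no valid group: {unknown}")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain the Entity ID")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not contain the ACS URL")
    return problems

# Constructed sample assertion (placeholder URLs, user and group names).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/acs"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.invalid/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="AvaAwareEmail"><saml:AttributeValue>jo@example.invalid</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="AvaAwareUsername"><saml:AttributeValue>jo@example.invalid</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="AvaAwareUserGroup"><saml:AttributeValue>Operators</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "https://sp.example.invalid/entity",
                          "https://sp.example.invalid/acs", {"Operators", "Admins"}))
```

Pass the Entity ID and ACS URL obtained from Alta Video Cloud and the set of user group names from your deployment; a non-empty result names the attribute statement or SAML setting to revisit.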