Skip to main content

Configuring Authentication for the Console via OKTA (SAML)

  • Updated

Version(s)

  • Capsule8 Console version 4.4.1+

Steps:

To configure SAML in Okta follow steps from the integration guide 

The SAML configuration values for <your-console-host> are:
 

1. Configure "General" section

oktasaml1.png

Click on "Show Advanced Settings"

2. Configure "Advanced Settings" section
oktasaml2.png

 

Click "Browse" on "Signature Certificate" and select your existing Console's crt file and then "Upload Certificate". 

3. Configure "Attribute Statement" section

oktasaml3.png

 

The names values required are:

 After setting up Okta, change the following configuration variable set on the configuration file.

An example configuration file:

console:
  #...
  auth_saml_okta_enabled: true
  auth_saml_console_host: 0.0.0.0:80
  auth_saml_local_cert_file_path: /path/to/cert
  auth_saml_metadata_url: https://dev-326354.okta.com/app/exkplucpmmntKXezz4x6/sso/saml/metadata
  tls_cert_path: /path/to/cert
  tls_key_path: /path/to/key
  auth_saml_insecure_skip_verify : false
  • console.auth_saml_okta_enabled needs to be set to either true or false to turn Okta integration on or off, respectively.
  • Set the following variable console.auth_saml_console_host to where your Console's API is running, represented as <your-console-host> in the previous steps. By default it's the same value as  console.address .This is done so Okta can resolve your Console's location.
  • console.auth_saml_local_cert_file_path should point to the path of Okta Certificate file. To get it click "Download Okta Certificate" on Okta configuration page. 
    oktasaml35.png
  • For self-signed certificate,console.auth_saml_insecure_skip_verify should be set to True. But we do not recommend using self-signed certificate outside of testing.
    console.auth_saml_metadata_url should be set to your relying party trust metadata endpoint. This value is available in the Okta's "Sign On" settings page. Just copy the address of the "Identity Provider metadata" link
    oktasaml4.png
  • If you want to override the default self-signed certificate shipped with the console, set the following variable to the corresponding file:
    console.tls_cert_path is your existing Console's crt file.
    console.tls_key_path is your Console's private key file.
    console.auth_saml_insecure_skip_verify is set to False by default and should be set to False. 
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.