Okta Single Sign-on

This section explains how to configure SSO for user authentication with the PCE using Okta as your IdP.

Prerequisite for Okta SSO

Before you begin, make sure you have the following information from your Okta account: 

  • X.509 certificate
  • Remote Login URL
  • Logout Landing URL

NOTE:

Your PCE user account must have Owner or Admin privileges to perform this task.

Configure the PCE for Okta SSO 

  1. From the PCE web console menu, choose Access Management > Authentication.
  2. On the Authentication Settings screen, locate the SAML configuration panel and click Configure.
  3. Enter the following information: 
    • SAML Identity Provider Certificate: Paste your Okta X.509 certificate (in PEM text format).
    • Remote Login URL: Enter the Okta Remote Login URL.
    • Logout Landing URL: Enter the Okta Logout Landing URL.

  4. In the Information for Identity Provider section, choose the Access Level for the users who will use Okta to authenticate with the PCE. When you select No Access, SSO users from your Okta account must be added manually before they can log in to the PCE. (For more information on PCE user permissions, see Role-based Access Control.)
  5. In the Information for Identity Provider section, make note of the following fields:
    • Issuer
    • Assertion Consumer URL

  6. Select the authentication method from the drop-down list:

    • Unspecified: Uses the IdP default authentication mechanism.
    • Password Protected Transport: Requires the user to log in with a password using a protected session.

  7. To require users to re-enter their login information to access Illumio (even if the session is still valid), check the Force Re-authentication checkbox. This option is disabled by default. When enabled, it allows users to log in to the PCE with a login other than their default computer login.

    NOTE:

    When SSO is configured both in Illumio Core and for the IdP, the preferences in Illumio Core are used. When SSO is not configured in Illumio Core, the default IdP settings are used.

  8. Click Save.
  9. Log in to your Okta account.
  10. Select the Illumio Core app, select the General tab, and click Edit.
  11. Enter the values you copied from the Information for Identity Provider section of the PCE SSO Configuration page.

  12. Click Save.

    Your PCE is now configured to use Okta SSO for authenticating users with the PCE.
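
A pre-flight check for the three values entered in step 3, as an added example that is not part of the Illumio or Okta documentation: it confirms that the pasted text is exactly one PEM CERTIFICATE block with no private key material, and prints its SHA-256 fingerprint so it can be compared with the certificate issued by your Okta account. The function names, the sample URL, and the requirement that both IdP URLs use HTTPS are assumptions of this example.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def check_idp_certificate(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text.

    Raises ValueError if the text is not exactly one PEM CERTIFICATE block.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("private key material found; paste only the certificate")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected one CERTIFICATE block, found {labels}")
    try:
        der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
        raise ValueError("decoded body is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_idp_url(url):
    """Assumption of this example: both IdP URLs are absolute HTTPS URLs."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an absolute https URL: {url!r}")
    return parts.hostname


def make_sample_pem(der=b"\x30\x03\x02\x01\x01", label="CERTIFICATE"):
    """Constructed stand-in input (a tiny DER SEQUENCE, not a real certificate)."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    print("SHA-256 fingerprint:", check_idp_certificate(make_sample_pem()))
    print("IdP host:", check_idp_url("https://idp.example.com/app/sso/saml"))
```

The check is structural only: it does not verify the certificate's validity period or its issuer.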