Knowledge base
Training

Administer Local Identity Providers

Concepts

Identify Providers provide:

  • Identity federation between Access Gateway and Okta tenants/local identity providers.
  • Services such as:
    • Authorization and authentication support.
    • Application data for identification and policy decisions.

     

Local Identity Providers can be used in the absence of an Okta orgThe Okta container that represents a real-world organization. IdPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta.. For example because of a network outage.

ClosedAdding a Local idP

To Add a local idP:

  1. In your browser, navigate to the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. UI and sign in.
  2. Select the Settings tab,
  3. Click the Identity Providers pane.
  4. Click the + button, and Select Local SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. IDP.
  5. Enter the following fields:

    Field

    Description

    Example

    Name

    Required. Unique name that identifies the IDP. Display in the list of IDPs

    My Local IDP

    Host

    Required. A unique access Gateway hosted domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https).. Must not match any others

    idp.domain.tld

    Cookie Domain

    Required. A unique Access Gateway hosted domain name. This must not match existing Access Gateway domain names.

    domain.tld

    Default Auth Module

    Required. A previously created auth module

    See Administer Auth Modules for more information.

    Name Attribute

    Required. Attribute to be obtained from the remote Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.

    email

    Name Attribute Format

    Required. Defines the Name Format used in the SAML assertion. Select one of the values from the drop down list.

    Email address

  6. Click Okay to complete creation of the IDP or Cancel to cancel.
  7. After any creation of update all Identify Providers will be validated. Valid identify provider will show status Valid ().
Top

© 2020 Okta, Inc All Rights Reserved. Various trademarks held by their respective owners.