Create a Team with Advanced Server Access

Okta is the Identity Provider for every team and provides authentication for users in that team to log into Advanced Server Access.

Configuring a Team in Okta

1. After entering your contact information and choosing your team name, select the "Okta" option for the auth backend and click "Next". You should see a page that tells you what values to enter for "Base URL" and "Audience URI"

2. In a separate tab, log in to your Okta instance

3. Click the "AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page." button in the upper right corner

4. Go to your Applications page by clicking the “Applications” tab and selecting “Applications”

5. Click the “Add Application” button

6. Search for “ Advanced Server Access” and click the “Add” button

7. Here, the base settings are fine. You can set the "Application label," if you choose, then click "Done".

8. In order to complete sign up, you MUST assign your own user to the application. Go to the "Assignments" tab and click the "Assign" button. From the dropdown, select "Assign to People"

9. Find your user and click the "Assign" button.

10. Okta will ask you to choose a username. The default email address is fine for this. Click "Save and Go Back" then click "Done"


11. You should now see your user in the list view. Next we will continue with the SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. setup. Click the "Sign On" tab

12. Click the "Edit" button

13. Here, you’ll fill in the information from Step 1 for the “Base URL” and “Audience Restriction", then click "Save"

14. From the “Sign On” tab, click the “View Setup Instructions" button

15. Follow the instructions on the "View Setup Instructions" page to setup your sshUserName attribute, if desired.

16. From this page, you will need the Login Provider SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. URL, the Identity Provider Issuer, and the Identity Provider x.509 Certificate in PEM format

17. Back on the Advanced Server Access Signup page, enter each of the values from Step 15 in the corresponding place in the form and click “Authenticate With Okta”

18. Your team should now be successfully configured! When you log in to Advanced Server Access you will be redirected to Okta for authentication.

Note: When creating a team you are given "Team Administrator" permissions by default, and your users are added to the everyone group.