This is an Early Access (EA) feature. EA features are opt-in features that you can try out in your org by asking Okta Support to enable them; the Features page in the Okta Admin Console (Settings > Features) also allows Super Admins to enable and disable some EA features themselves. To enable this feature, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

STEP 1: Configure VMware Identity Manager as an Identity Provider in Okta

This section describes how to configure VMware Identity Manager as an identity provider (IdP) in Okta. An IdP is a service that manages end user accounts, analogous to user directories such as LDAP and Active Directory, and sends SAML responses to service providers to authenticate end users; in this scenario VMware Identity Manager is the IdP and Okta is the service provider. This configuration is required to configure a unified catalog as well as mobile SSO and device trust.

For additional information, see the Configure Inbound SAML section of the Okta Identity Providers documentation.


Get VMware Identity Manager SAML Metadata Information

Retrieve the SAML metadata information from VMware Identity Manager that is required to set up an identity provider in Okta.

  1. Log in to the VMware Identity Manager console as the System administrator.
  2. Select the Catalog > Web Apps tab.
  3. Click Settings.
  4. Click SAML Metadata in the left pane. The Download Metadata tab is displayed.
  5. Download the Signing Certificate.
    1. In the Signing Certificate section, click Download.
    2. Make a note of where the certificate file is downloaded (signingCertificate.cer).
  6. Retrieve the SAML metadata.
    1. In the SAML Metadata section, right-click the Identity Provider (IdP) metadata link and open it in a new tab or window.
    2. In the identity provider metadata file, find and make a note of the following values:
      • entityID. For example: https://tenant.vmwareidentity.com/SAAS/API/1.0/GET/metadata/idp.xml
      • The SingleSignOnService Location URL whose Binding is "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST". For example: https://tenant.vmwareidentity.com/SAAS/auth/federation/sso
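The following is an added example, not code from Okta or VMware: it pulls the entityID and the HTTP-POST SingleSignOnService URL out of the IdP metadata file described above, and checks that the certificate you will upload to Okta (the downloaded signingCertificate.cer, assumed here to be PEM-encoded) is the same signing certificate the metadata advertises, so a mismatched or stale certificate is caught before the IdP is saved. The metadata document and the certificate bytes are constructed samples; the certificate body is a placeholder, not a real X.509 certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; the certificate body is a placeholder, not a real X.509 cert.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-sample-signing-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://tenant.vmwareidentity.com/SAAS/API/1.0/GET/metadata/idp.xml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://tenant.vmwareidentity.com/SAAS/auth/federation/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://tenant.vmwareidentity.com/SAAS/auth/federation/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cert_fingerprint(cert_b64: str) -> str:
    """SHA-256 fingerprint of a base64 DER certificate; ignores whitespace and line wrapping."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def pem_body(pem: str) -> str:
    """Strip the PEM armour of a downloaded .cer/.crt/.pem file, leaving the base64 body."""
    return "".join(l.strip() for l in pem.splitlines() if l.strip() and not l.startswith("-----"))

def idp_values(metadata_xml: str) -> dict:
    """Extract entityID, the HTTP-POST SSO URL and the signing-cert fingerprints from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    post = [s for s in idp.findall("md:SingleSignOnService", NS) if s.get("Binding") == HTTP_POST]
    if len(post) != 1:
        raise ValueError("expected exactly one HTTP-POST SingleSignOnService endpoint")
    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use", "signing") == "signing"]
    prints = {cert_fingerprint(k.find(".//ds:X509Certificate", NS).text) for k in signing}
    return {"entityID": root.get("entityID"), "sso_url": post[0].get("Location"),
            "signing_fingerprints": prints}

def downloaded_cert_matches(metadata_xml: str, cer_pem: str) -> bool:
    """True if the downloaded signing certificate is one the metadata says the IdP signs with."""
    return cert_fingerprint(pem_body(cer_pem)) in idp_values(metadata_xml)["signing_fingerprints"]
```

Run `idp_values` on the real idp.xml to get the two values for the Okta form, and `downloaded_cert_matches` against the real signingCertificate.cer before uploading it as the IdP Signature Certificate.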


What's next?

Add an Identity Provider in Okta


Add an Identity Provider in Okta

For additional information about how Okta handles external identity providers, see Identity Providers.

  1. Sign in to the Okta Admin Console.
  2. Go to Security > Identity Providers.
  3. Click Add Identity Provider and select Add SAML 2.0 IdP.
  4. Enter a name for the identity provider. For example, Workspace ONE.
  5. Enter the following information:
    • IdP Username: idpuser.subjectNameId
      If you plan to send the username in a custom SAML attribute, define an appropriate expression. For information, see Okta Expression Language.
    • Filter: Leave this option unselected.
    • Match against: Okta Username
      Adjust the selection as required for your environment and the values that you plan to send.
    • If no match is found: Redirect to Okta sign-in page
    • IdP Issuer URI: Enter the entityID.
      This is the value you obtained from the identity provider metadata file from Workspace ONE. For example, https://tenant.vmwareidentity.com/SAAS/API/1.0/GET/metadata/idp.xml
    • IdP Single Sign-On URL: Enter the SingleSignOnService Location URL.
      This is the value you obtained from the identity provider metadata file from Workspace ONE. For example, https://tenant.vmwareidentity.com/SAAS/auth/federation/sso
    • IdP Signature Certificate: Browse and select the Signing Certificate file you downloaded from Workspace ONE in Get VMware Identity Manager SAML Metadata Information.
      Tip: You may need to change the file extension or default browser filter to look for *.crt and *.pem files.
  6. Click Show Advanced Settings, scroll to the Request Authentication Context option, and select Device Trust. This setting specifies the context of the authentication request.
  7. Click Add Identity Provider.
  8. Verify that the following information appears:
    • SAML Metadata
    • Assertion Consumer Service URL
    • Audience URI
  9. Download and save the metadata file.
    1. Click the Download Metadata link.
    2. Save the metadata file locally.
    3. Open the metadata file and copy its contents for use in Get VMware Identity Manager SAML Metadata Information.
