
Illumio Administration Guide 25.4

Okta Single Sign-on

This section explains how to configure SSO for user authentication with the PCE using Okta as your IdP.

Prerequisite for Okta SSO

Before you begin, make sure you have the following information from your Okta account:

  • X.509 certificate

  • Remote Login URL

  • Logout Landing URL

Note

To perform this task, your PCE user account must have Owner or Admin privileges.

Configure the PCE for Okta SSO
  1. From the PCE web console menu, choose Access Management > Authentication.

  2. Locate the SAML configuration panel on the Authentication Settings screen and click Configure.

  3. Enter the following information:

    • SAML Identity Provider Certificate: Paste your Okta X.509 certificate (in PEM text format).

    • Remote Login URL: Enter the Okta Remote Login URL.

    • Logout Landing URL: Enter the Okta Logout Landing URL.

  4. In the Information for Identity Provider section, choose the Access Level for users who authenticate with the PCE through Okta. When you select No Access, SSO users from your Okta account must be added manually before they can log in to the PCE.

  5. In the Information for Identity Provider section, make note of the following fields:

    • Issuer

    • Assertion source URL

  6. Select the authentication method from the drop-down list:

    • Unspecified: Uses the IdP default authentication mechanism.

    • Password-Protected Transport: The user must log in with a password using a protected session.

  7. To require users to re-enter their login information to access Illumio (even if the session is still valid), select the Force Re-authentication checkbox. This option allows users to log in to the PCE using a different login than their default computer login. It is disabled by default.

    Note

    The preferences are used when SSO is configured both in Illumio Segmentation for Data Centers and for the IdP. When SSO is not configured, the default IdP settings are used.

  8. Click Save.

  9. Log in to your Okta account.

  10. Select the Illumio Segmentation for Data Centers app, select the General tab, and click Edit.

  11. Enter the values you copied from the PCE SSO Configuration page's Information for Identity Provider section.

  12. Click Save.

    Your PCE is now configured to use Okta SSO to authenticate users with the PCE.
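
A pre-flight check for the three values entered in step 3, run before pasting them into the PCE. This is an added example, not Illumio or Okta code. It confirms that the pasted text is exactly one well-formed PEM certificate (not a private key, a chain, or a truncated copy) and prints its SHA-256 fingerprint so a second administrator can confirm it. The function names, the `idp.example.com` URLs, and the requirement that both URLs use https are assumptions of this example. It does not check the certificate's signature or expiry.

```python
import base64, binascii, hashlib, re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_idp_certificate(pem_text):
    """Return the SHA-256 fingerprint of a single PEM certificate, or raise ValueError."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != "CERTIFICATE":
        raise ValueError(f"PEM block is '{label}', not a certificate")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    # A DER certificate is one ASN.1 SEQUENCE whose length covers the whole blob.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length: next n bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: truncated or trailing data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_idp_url(name, url):
    """Require an absolute https URL with a host (an assumption of this example)."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{name} must be an absolute https URL, got {url!r}")
    return parts.geturl()

def make_sample_pem():
    # Constructed placeholder: a tiny DER SEQUENCE, NOT a real certificate.
    der = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print("SHA-256 fingerprint:", check_idp_certificate(make_sample_pem()))
    print(check_idp_url("Remote Login URL", "https://idp.example.com/app/sso/saml"))
    print(check_idp_url("Logout Landing URL", "https://idp.example.com/logout"))
```

To check real values, pass the contents of the certificate file from your Okta account to `check_idp_certificate` in place of `make_sample_pem()`.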