Integrating with Okta
Okta doesn't provide automatic setup of SAML applications by uploading the Service Provider metadata. This small tutorial guides you through the necessary steps to get Instana integrated with Okta as a SAML app.
Prerequisites
After SAML is activated for a tenant, you have no other way to log in to Instana. The SAML configuration can be deleted through the API by using a token with enough permissions.
- You require administrator privileges in Okta.
- Open the SAML configuration page in Instana. You need to copy and paste some values between that page and Okta.
Creating the SAML app in Okta
- In the Okta UI, select the application perspective from the list.
- Click Add Application.
- To open the wizard, click Create Application.
- From the dropdown list, select SAML 2.0 as the type of application to create.
- Name the application, for example Instana.
- Copy the ACS URL from the Instana-SAML setup page, and put it in Single sign on URL.
- Change Name ID Format to EmailAddress.
- Change Application username to Email.
That's it. The final page gives you an overview of the SAML application that you just created.
In this page, you can now download the Identity Provider metadata.
To activate the SAML integration, you need to store the Identity Provider metadata locally, switch to the Instana-SAML setup page and upload the file.
Adding users to Instana
With SAML enabled, this is the only way for your users to access Instana.
To enable users, the SAML app must be assigned to them.
Open the application overview in Okta, and select to assign a user from the dropdown list.
Make sure that every user has an associated email address.
Each new user can receive the default role during their first login.