This document provides you with an example of Single Sign-On (SSO login) between Okta and Tencent Cloud Identity Center.
Preparations
Before configuring SSO login, you need to complete user creation: synchronize users from Okta to Identity Center, or create a user with the same name in Identity Center.
Synchronize users from Okta to Identity Center: Suitable for situations where Okta has a large number of users. For specific operations, please see Synchronizing Okta via SCIM Example.
Create a same-name user in the identity center: Suitable for cases where Okta has only a small number of users, can be used for quick verification. Upon creation, the username in the identity center needs to be consistent with the username in Okta .
2. In the left sidebar, click User Management > Settings.
3. In the SSO login area, click
, then click to enable in the popup window to enable SSO login.
Step 2: Copy the Service Provider (SP) Information
In the Service Provider (SP) Information section, view and copy ACS URL, Entity ID, and directly use them for manual configuration of the external IdP.
Configure in Okta
Step 1: Create an Application in Okta
1. Log in to Okta, in the left navigation bar, select Applications > Applications, then enter All Applications, click Create APP Integration to Create an application.
2. In the pop-up Create a new app integration window, select SAML 2.0, click Next.
3. Enter the Create SAML Integration page and complete the application configuration.
3.1 On the General Settings page, complete the App name, click Next.
3.2 On the Configure SAML page, complete the Single sign-on URL and Audience URL (SP Entity ID).
3.3 On the Feedback page, check Contact app vendor, click Finish, and complete application creation.
Step 2: Set Up Single Sign-On in Okta
1. Download the federation metadata XML.
1.1 In the left sidebar, select Applications > Applications, then enter all applications and select the target application.
1.2 Go to the application details page, click Sign On.
1.3 On the Sign On page, click View SAML setup instructions in the bottom-right corner to view the identity provider metadata and save it to your local directory.
2. Assign users to the application.
2.1 On the Assignments page, click Assign, select Assign to People, and assign users to the application.
2.2 In the Assign okta_test to People pop-up window, select the target user and click Assign. In the new window, click Save and Go Back to start the assignment.
2.3 The allocated users are displayed on the People page.
Step 3: Upload the Federation Metadata XML in the Identity Center
1. In the Tencent Cloud Organization > Identity Center Management > Settings > SSO LoginIdentity Provider (IDP) Information section, click Configure Identity Provider Information.
2. Click Select File, then upload the Federation Metadata XML downloaded from Okta.
Result Verification
After completing the SSO login configuration, you can initiate SSO login from Tencent Cloud.
Note: In the identity center, you need to create a user with the same name as the one in the Okta application. Enter TCO > Identity Center Management > User to create the user.
Login Process:
1. The Identity Center administrator enters the page of TCO > Identity Center Management > Identity Center Overview, views and copies the User Login URL.
2. Visit User Login URL, then Log in.
3. Redirect to the Okta Login page, then enter account password to log in.
4. Successful login, enter the Identity Center account list page.
