Avi Vantage Integration with Okta
An Avi virtual service’s ability to act as a service provider is key to support of Security Assertion Markup Language (SAML), starting with release 18.2.2. To fulfill this role, the Avi virtual service sends authentication requests to an identity provider (IDP), responses from which govern user access to back-end applications running in Avi pools. Multiple third-party integrations have been implemented by Avi Networks to give customers a choice of IDP. This article outlines the steps necessary to enable Okta as IDP.
Avi as SP and Okta as IDP
Configuring Okta as IDP:
Login to the Okta developer account with admin access and click on Applications.
- Under Applications, choose Add Application and click on Create New App.
- Create a new SAML 2.0 application in Okta.
- Provide a name for the application.
- In SAML Settings, provide the SSO URL in the format https://SPresource/sso/acs/ (for example, https://sales.avi.com/sso/acs/ as shown in the below screen) and use the same URL in the IDP. The Audience URI must be the same as Entity ID. Click Next.
Note: The trailing slash (/) after acs is mandatory.
- Click Finish on the next screen.
- On the screen shown below, there is the option to download metadata.
- Assign the apps to the local users, groups, or AD users.
This completes the process of creating an application on Okta.
Once configuration is complete on Okta, configure an Avi virtual service to act as service provider by following the instructions given in the SAML Configuration on Avi Vantage article.