Documentation for Orion Platform

Configure Okta for single sign-on login to the Orion Web Console

This topic applies to all Orion Platform products.

When configuring Okta to communicate with your Orion Web Console, you will be working with both Okta and Orion Web Console at the same time. You need to copy information from one system into the other.

  1. Orion Web Console: prepare the identity provider
  2. Okta: create a new SAML 2.0 application using the URL and URI from the Orion Web Console
  3. Orion Web Console: copy target URL, issuer, and certificate from Okta into the Orion Web Console
  4. Orion Web Console: define SAML Users or SAML user groups in the Orion Web Console

Step 1: In the Orion Web Console, prepare the identity provider URL and URI

  1. Log in to the Orion Web Console using an administrator account.

  2. Click Settings > All Settings.

  3. In the User Accounts section, click SAML Configuration.

  4. Click Add Identity Provider.

  5. In the Enter Orion URL step, check that the external URLs are correct and adjust them if necessary.

    Orion Web Console External URL

    This is the URL of your Orion server or its DNS alias.

    Additional Web Console external URLs

    If you have additional polling engines deployed, check the URL(s) for the servers hosting the additional web console. The field should contain one of the following:

    • The address of the server hosting your Additional Web Console

      Example: https://WIN-1234567890A

    • The DNS alias of the server hosting the Additional Web Console

      Example: https://orion

    • No input

      Clear the suggested URL. When you try to log in to the Additional Web Console using SAML authentication, you'll be redirected to the primary Orion Web Console.

    These URLs are used to generate the URL and URI you copy into your identity provider settings.

  6. The Prepare IdP step provides Audience URI and SSO Service URL(s) to be copied and pasted into the configuration in Okta.

    Keep the browser open, and continue in Okta.

    If you have deployed additional web servers, the SSO Service URLs section includes more URLs - one for the primary Orion Web Console and one for each additional web server.

Step 2: In Okta, create the SAML application, configure URLs and the URI, and specify users for SAML login

If prompted to switch to the Classic UI, switch to the Classic UI.

  1. Log in to your Okta organization with administrative privileges.

  2. Click on the blue Admin button.

  3. Click Add Applications > Create New App.

  4. Select the SAML 2.0 option and click Next.

  5. In General Settings, type the SAML Application Name in the App name field, and click Next.

  6. In the SAML Settings section, make the following changes:

    1. In the General section, paste the SAMLLogin URL of your Orion Web Console into the Single sign on URL field.

      Example: https://hostname.domain/Orion/SAMLLogin.aspx

      This is the SSO Service URL to copy from the Orion Web Console. See Prepare the identity provider in the Orion Web Console.

    2. If you have deployed an additional web server, configure the additional website:

      1. Select the Allow this app to request other SSO URLs box.

      2. In the Requestable SSO URLs, click Add Another, and enter the additional web server URL in the URL field. For example: https://hostname.domain/Orion/SAMLLogin.aspx

        Copy the additional web console URL from SSO Service URLs in the Orion Web Console. See Configuring the identity provider in the Orion Web Console.

      3. In the Index box, provide the appropriate index value.

    3. Enter the address of your Orion Web Console in the Audience URI (SP Entity ID) field.

      Example: http://hostname

      This is the Audience URI to copy from the Orion Web Console. See Prepare the identity provider in the Orion Web Console.

    4. In the Attribute Statements section, add the following attribute statements:

      Name         Name format    Value
      Email        Unspecified    user.email
      FirstName    Unspecified    user.firstName
      LastName     Unspecified    user.lastName

    5. Add the following to the Group Attribute Statements:

      Name           Name format    Filter           Value
      OrionGroups    Unspecified    Matches regex    .*

    6. Click Next, provide the requested background information about you, and click Finish.
  7. Specify users to access the Orion Web Console through SAML login:
    1. In Okta, click Assignments > Assign, and select Assign to People.
    2. Select users and click Assign.
    3. When you have assigned SAML login for the Orion Web Console to all required users, click Done.
  8. On the Sign On tab, click the View Setup Instructions button in the Sign On Methods section. Keep the tab open, so that you can copy and paste the details into the Orion Web Console.

Step 3: Complete the identity provider configuration in the Orion Web Console

  1. Switch to the Orion Web Console. You have the Add Identity Provider wizard open on the Prepare IdP step. Click Next.

  2. In the Configure step, paste the configuration details from the Okta tab you left open.

    • Identity Provider Name: specify how the identity provider will be displayed on the login page. For example, use 'Okta'.

    • SSO Target URL

      Example: https://www.okta.com/app/app_name_example_1/xyz/sso/saml

    • Issuer (Entity ID)

      Example: http://www.okta.com/abcdefgh123456ijkl789

    • Public Certificate - Certificate in Base64 form

      Copy the contents of the certificate, starting with BEGIN CERTIFICATE and ending with the END CERTIFICATE line.

  3. Save the configuration.

When logging in to the Orion Web Console, users now see an additional button Log In with Okta. To enable users to log in using single sign-on, create SAML users or SAML user groups for the users.
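
A damaged paste of the certificate or a mistyped URL is easier to catch before saving. This added example (not part of the SolarWinds documentation) checks the three values pasted in the Configure step and returns a SHA-256 fingerprint to compare with one computed from the certificate file downloaded from Okta. The function names are hypothetical, the sample bytes are a constructed placeholder rather than a real certificate, and the https requirement for the SSO Target URL is an assumption based on the example above.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----")

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint of a pasted certificate; ValueError if the paste is damaged."""
    match = PEM_RE.fullmatch(pem_text.strip())
    if match is None:
        raise ValueError("BEGIN/END CERTIFICATE lines missing or extra text pasted")
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid Base64: {exc}") from exc
    if der[:1] != b"\x30":  # a DER-encoded certificate starts with a SEQUENCE tag
        raise ValueError("decoded data is not a DER certificate")
    return hashlib.sha256(der).hexdigest()

def check_idp_values(sso_target_url, issuer, pem_text):
    """Return a list of problems found in the three values pasted in the Configure step."""
    problems = []
    target = urlparse(sso_target_url)
    if target.scheme != "https" or not target.netloc:
        problems.append("SSO Target URL is not an absolute https URL")
    if issuer != issuer.strip() or not urlparse(issuer).netloc:
        problems.append("Issuer has stray whitespace or is not a URL")
    try:
        cert_fingerprint(pem_text)
    except ValueError as exc:
        problems.append(f"Public Certificate: {exc}")
    return problems

# Constructed placeholder bytes, not a real certificate: enough to exercise the checks.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_idp_values("https://www.okta.com/app/app_name_example_1/xyz/sso/saml",
                           "http://www.okta.com/abcdefgh123456ijkl789", SAMPLE_PEM))
    print(cert_fingerprint(SAMPLE_PEM))
```

The Issuer is compared as an identifier, so it is checked for stray whitespace but not required to use https.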

Step 4: Define users for SAML login using Okta in the Orion Web Console

  1. In the Orion Web Console, click Settings > All Settings, and then click Manage Accounts in the User Accounts section.

  2. Click Add New Account.

  3. Define the SAML individual user or group.

    Create SAML individual user account

    1. Select SAML individual account.
    2. Provide Name ID. Use the same user name the user has in Okta. You have already assigned SAML login to the user.
    3. Specify what the user can access and do, and then complete the wizard.

    Create SAML group account

    1. Select SAML group account.
    2. Provide the name for the group. Use the group name you assigned SAML login to in Okta.

      The SAML Group and the Identity Provider Group Name must match.

    3. Specify what users in the group can access and do, and complete the wizard.

    Users can now log in to the Orion Web Console by clicking the Login with Okta button on the login page and providing their Okta credentials.
