Documentation forSolarWinds Service Desk

OKTA SSO configuration

On this page

Introduction

OKTA provides cloud software that helps companies manage and secure user authentication into modern applications, and helps developers to build identity controls into applications, website web services, and devices. You can integrate Active Directory through OKTA.

Success of this setup depends on the parameter values that are customized for your organization. Use the Okta Administrator Dashboard to add an application and view the values that are specific to your needs.

Supported Features

The Okta/SolarWinds Service Desk SAML integration currently supports the following features:

  • Service Provider (SP) -initiated SSO
  • Identity Provder (IdPP) -initiated SSO
  • JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

The instructions below cover all aspects of the configuration process.

Navigation

Setup > Account > Single Sign-On > Okta.

Set up SSO with Okta

  1. In SWSD go to Setup > Account > Single Sign-On > Okta.
  2. For each of the SWSD fields below, sign into the Okta Admin Dashboard to generate the variable, and copy/paste it into the appropriate field in SWSD.

    • Identity Provider URL
    • Logout URL and Error URL
    • SAML Issuer
    • Identity Provider x.509 Certificate
  3. If you wish to enable Just In Time Provisioning, select the box labeled Create users if they do not exist.

  4. If you plan to disable the current login option (username & password), check the box labeled Redirect to the saml login page when logging into SolarWinds Service Desk by default.

    DO NOT mark the box above until SAML configuration is tested successfully. After the box is checked, you will no longer be able to login with your username/password.
  5. Click Update.

  6. If you are using a custom SWSD URL and domain mapping is configured in SWSD, your URL will be https://[mapped domain]/saml_login/[account name].
  7. In Okta, select the Sign On tab for the SolarWinds Service Desk app, scroll down to the ADVANCED SIGN-ON SETTINGS section, and then click Edit.

  8. Enter the ACS URL value into the corresponding field.

    Make sure that you entered the correct value in the Subdomain field under the General application tab in Okta. Using the wrong value will prevent you from authenticating via SAML to SWSD.

    If you have a custom SWSD URL, obtain your ACS URL value as follows:

    1. Go to [customSolarWindsServiceDeskURL]/saml/metadata. An XML file like the following will appear after the page loads:

    1. Locate and make a copy of your ACS URL value from the Location attribute.

  9. Click Save.

Log in with SP-initiated SSO

  1. Log in to the SWSD URL and navigate to SSO.
  2. Click Single Sign-On.

Related topics

Single sign-on