SAML Setup


HOW TO: Configure SAML Single Sign On (SSO) using OKTA in IICS

May 19, 2022 • Knowledge


Solution
Follow the steps below to configure SAML SSO in Informatica Cloud using OKTA:

1. Ensure that you have a valid OKTA account and a user with Admin privileges.

2. Log in to OKTA, click "Applications", and then click "Add Application".

3. Click "Create New App". Okta will prompt you with "What type of application integration?"; select
"SAML 2.0" and click "Create".

4. This takes you to the "Create SAML Integration" wizard and displays "General Settings":
   a. Enter "App Name".
   b. Optionally select/enter the App logo and App visibility, then click "Next".

5. Configure SAML
   a. Enter "Single Sign on URL" from the "Location" attribute of the "AssertionConsumerService" element in the ICS
SAML metadata XML. You can get the metadata XML by logging in to Informatica Cloud and going to
Administer > SAML SSO.

Refer to the following screenshot for reference to find the correct URL:

   b. Enter "Audience URI (SP Entity ID)" from the "entityID" attribute of the "EntityDescriptor" element in the ICS metadata.

   c. Select the name ID format, default "username".

   d. Optionally configure attribute statements to send First Name, Last Name, Email Address, Job
Title, Phone Number, Role, and so on.

6. Select the App type accordingly.

7. Click "Finish". This takes you to the application page for the newly created SAML application.

8. Click the "Sign On" tab and click the "Identity Provider metadata" link to download the Okta IDP metadata
XML, and save it as an XML file.

9. Use the downloaded Okta IDP metadata XML file to configure SAML SSO in ICS: upload the file in
Informatica Cloud (select the "Choose File" option). Refer to the screenshot under point 10 for reference.

10. "Disable auto-provision of users" --> If this property is checked, IICS checks whether the user already exists
and allows the login based on that. If it is unchecked, IICS creates a user based on the SAML request.
Make sure that any existing user in IICS has the authentication type "IDP with SAML"; otherwise IICS
throws the error "The SAML user does not exist in your organization".

11. If the existing user was created with a different authentication type, try changing it to "IDP with SAML".
If the error "Changing the authentication to IDP with SAML is not supported" is thrown, drop the
existing user and create a new user with the authentication type "IDP with SAML".
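As an added example (not from the Informatica article), the Python script below extracts the two values step 5 asks for from the IICS SP metadata XML and sanity-checks the Okta IDP metadata from step 9 before it is uploaded; the metadata documents, hostnames, ORGID and certificate are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace prefixes used by SAML 2.0 metadata documents.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of IICS-side (SP) metadata; hostnames and ORGID are placeholders.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/org/ORGID">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs/ORGID" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample of the IdP metadata an Okta app exports; the certificate is a placeholder.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://idp.example.invalid/PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERTIFICATE</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/app/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sp_values(metadata_xml):
    """Step 5: Single sign on URL (ACS Location) and Audience URI (entityID) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if root.get("entityID") is None or acs is None:
        raise ValueError("not an SP metadata document")
    return {"single_sign_on_url": acs.get("Location"), "audience_uri": root.get("entityID")}


def idp_check(metadata_xml):
    """Step 9: sanity-check the downloaded IdP metadata before uploading it to IICS."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not an IdP metadata document")
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)]
    # The SP validates assertion signatures against the IdP signing certificate, so it must be present.
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "has_signing_cert": bool(certs),
            "sso_https_only": bool(sso) and all(u.startswith("https://") for u in sso)}
```

Run `sp_values` on the metadata exported from Administer > SAML SSO and `idp_check` on the file downloaded in step 8; a missing signing certificate or a non-HTTPS SSO URL means the export should be redone rather than uploaded.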

Q: How do you manage users when SSO is configured in Informatica Intelligent Cloud Services (IICS)?

A: Users can be created automatically by unchecking the "Disable auto-provision of a user" box, or you can check the
"Disable auto-provision of a user" box and create the SSO-type user up front. An SSO-type user can be
created in Administrator > Users.
 
 
Q: If auto-creation of users is enabled, will anyone with the SSO URL be able to log in?

A: Yes, anyone in the organization will be able to log in to IICS if your IDP authenticates the user
successfully. Restrictions on any user or user group should be applied on the IDP side.
 
 
Q: Then how do you avoid/restrict unintended users logging in?

A: > Option 1: Create the SSO-type user up front, before the user tries to log in, and check the box "Disable auto-provision of a user".
   > Option 2: Uncheck the box "Disable auto-provision of a user" and let the user be created
automatically, but restrict the user's authentication on the IDP side.
 
 
Q: Can you use SAML Role Mapping on the SSO configuration page to restrict users?

A: No. SAML Role Mapping only maps a role in the IDP to a role in IICS.
 
 
Q: How do you create SSO users?

A: Select "IDP with SAML" as the Authentication type while creating users in IICS > Administrator > Users.
 
 
Q: Does the SSO user get updated on every login?

A: Yes, users can be updated on every login by enabling the check box "Map SAML Groups and Roles".
 
 
Q: How do you map user groups or roles from the IDP to IICS?

A: Both role mapping and group mapping are possible; refer to the respective section of the SAML SSO setup page.
 
 
Q: Can we convert an existing native user to a SAML SSO user?

A: No, the user type cannot be changed. The UI itself gives the error: "Changing the authentication to
IDP with SAML is not supported".
 
 
Q: Why do we see a .SAML, .SAML2, .SAML3, etc. suffix in some user names?

A: For SAML users, the IICS user name is the same as the SAML name identifier unless that name is already
used in the IICS organization. If the name is already used, Informatica Intelligent Cloud Services appends
the string ".SAML", ".SAML1", ".SAML2", etc. to the end of the SAML name identifier to form a unique
Informatica Intelligent Cloud Services user name.
