Version: v2.4

Okta SSO

Introduction

This document provides detailed steps for integrating the Amorphic Data (Amorphic) platform with Okta. Amorphic simplifies analytics for all users and teams by orchestrating and automating analytic pipelines & workflows across AWS services, infrastructure and analytic tools and platforms.

Okta is an enterprise-grade identity management service. With Okta, IT can manage access across any application, person or device. Okta seamlessly integrates applications into its service for us, whether these applications are used by employees, partners, or customers, and regardless of whether they are in the cloud, on-premises, or on a mobile device. We can easily deploy these pre-integrated applications to our users as needed. We can authenticate these users against our own user store (e.g. AWS Cognito User Pools, Active Directory or LDAP) or we can use Okta as the user store.

In Amorphic Data Cloud, users and API calls are authenticated using Cognito. Amazon Cognito User Pools allow sign-in through a third party (federation), including through a SAML IdP such as Okta. Here we use Okta as a Security Assertion Markup Language 2.0 (SAML 2.0) identity provider (IdP) with an Amazon Cognito user pool.

Pre-requisites for Okta integration

Before we proceed with the process of Okta integration, we need the following pre-requisites:

  1. Okta developer account — https://developer.okta.com/signup/
  2. Amorphic application deployed with the Identity Provider option enabled

Steps to register Amorphic app with Okta

  • Create Okta Application with SSO enabled
  • Get the App Federation Metadata URL & Login URL
  • Update Amorphic with the App Federation Metadata URL & Login URL in CMP

Create Okta Application with SSO enabled

  • Log in to a newly created Okta developer account or an existing account.

  • After logging in, choose Applications from the left side of the console and click on Create App Integration.

  • Select SAML 2.0 in Create a new app integration and click "Next".

  • In the General Settings section, enter the "App name" and click "Next".

  • In the Configure SAML section:
  1. Enter the "Single Sign on URL".

    Format of Single Sign on URL: https://<cognito-domain>/saml2/idpresponse

  2. Enter the "Audience URI (SP Entity ID)".

    Format of Audience URI (SP Entity ID): urn:amazon:cognito:sp:<cognito-userpool-id>

The Cloudwick Support Team will provide both the cognito-userpool-id and cognito-domain values.

  3. In the Attribute Statements section, three attributes are important:
  • email
  • name
  • username

Map the names to the corresponding values as shown below:

  • email to user.email
  • username to user.firstName
  • name to user.login

  4. Click "Next" and configure "Feedback". Click the "Finish" button.

  5. From the App front page, click on the "Assignment" tab and assign Okta users to the application just created.

  6. Copy the Metadata URL and SignOn URL from the App Sign On section.
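
A pre-flight check for the values entered in the Configure SAML and Attribute Statements steps above, so that a wrong scheme, path, audience prefix or attribute name is caught before the app is saved. This is an added example, not part of Amorphic's or Okta's tooling; the function name, the user pool ID pattern and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Formats and attribute names come from the steps above.
ACS_PATH = "/saml2/idpresponse"
AUDIENCE_PREFIX = "urn:amazon:cognito:sp:"
REQUIRED_ATTRIBUTES = {"email", "name", "username"}
# Assumption: a user pool ID has the form <region>_<alphanumerics>.
POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+")


def check_okta_saml_settings(sso_url, audience_uri, attribute_names):
    """Hypothetical helper: list problems in the values typed into Okta."""
    problems = []
    url = urlsplit(sso_url)
    if url.scheme != "https":
        problems.append("Single Sign on URL must use https")
    if not url.hostname or "@" in url.netloc:
        problems.append("Single Sign on URL must name the Cognito domain only")
    if url.path != ACS_PATH:
        problems.append(f"Single Sign on URL path must be exactly {ACS_PATH}")
    if url.query or url.fragment:
        problems.append("Single Sign on URL must not carry a query or fragment")

    if not audience_uri.startswith(AUDIENCE_PREFIX):
        problems.append(f"Audience URI must start with {AUDIENCE_PREFIX}")
    elif not POOL_ID_RE.fullmatch(audience_uri[len(AUDIENCE_PREFIX):]):
        problems.append("Audience URI must end in the user pool ID")

    # Names are compared exactly as typed: "Email" does not satisfy "email".
    missing = REQUIRED_ATTRIBUTES - set(attribute_names)
    if missing:
        problems.append("missing attribute statements: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample values, not real Amorphic or Cognito identifiers.
GOOD = ("https://example.auth.us-east-1.amazoncognito.com/saml2/idpresponse",
        "urn:amazon:cognito:sp:us-east-1_EXAMPLE123",
        ["email", "name", "username"])
BAD = ("http://example.auth.us-east-1.amazoncognito.com/saml2/idpresponse/",
       "us-east-1_EXAMPLE123",
       ["Email", "name"])

if __name__ == "__main__":
    for label, values in (("good", GOOD), ("bad", BAD)):
        print(label, check_okta_saml_settings(*values))
```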

Update Amorphic with credentials

  1. In the Amorphic CMP (customer management portal), select SAML as the IDP provider and update the values.
  • IDP Server URL in CMP corresponds to the SignOn URL retrieved from Okta
  • IDP Metadata URL corresponds to the Metadata URL from Okta

Once the values are added, click on Update IDP Details. The change takes around 45-60 mins to be reflected on the login page.

Frequently asked questions (FAQ)

1. Why is attribute mapping required?

a. When integrating Okta with Cognito, Amorphic requires attributes such as username, name and email from Okta to successfully register the user.