Okta Identity Management (Internal procedure)
Configure Okta for identity management in DuploCloud
Okta is a cloud-based identity and access management platform that provides secure Single Sign-On (SSO), multi-factor authentication (MFA), and lifecycle management for users across applications.
DuploCloud supports using Okta as a source for user authentication and authorization. This integration allows you to log in to DuploCloud and manage user roles, permissions, and platform access using Okta. Okta's group-based permissions system can also be mapped to DuploCloud's user management to manage access to various services within DuploCloud.
This page covers the configuration process for integrating Okta with DuploCloud. To manage Okta users and permissions or perform tasks like generating and managing Okta API tokens, follow the guidelines in the relevant sections of the Okta documentation.
Prerequisites
Find your Okta domain. You will need the domain to integrate Okta with DuploCloud.
Configuring Okta with DuploCloud
Step 1. Integrate Okta with DuploCloud
Create an app integration in the Okta Admin Console to enable Okta to integrate with DuploCloud.
Step 2. Configure DuploCloud Authentication Service for Okta
Edit the Configuration File
Update the Duplo.AuthService.exe.config file with your Okta domain and credentials, enabling DuploCloud to authenticate users through Okta and allow single sign-on (SSO) access.
Add the following list of keys to the C:\Program Files (x86)\Duplo.AuthService\Duplo.AuthService.exe.config file, and restart the service (Duplo.AuthService).
Add the DuploCloud Portal URL to the Okta Allowed Callbacks
In the Okta Console, add the following URL to the Allowed Callback URLs field (making sure to replace <portal-url> with your DuploCloud portal URL). For more information, see the Okta documentation.
Step 3. Add the Okta Login Option to the DuploCloud Portal
Configure the Okta login option so that users can access the DuploCloud Portal with their Okta credentials.
Add the following list of keys to the C:\Program Files (x86)\Duplo.AuthService\Duplo.AuthService.exe.config file, and restart the service (Duplo.AuthService).
Step 4. Define Okta User Groups and Permissions in DuploCloud
Assign Group IDs from the Okta Portal to DuploCloud
Create and assign group IDs in Okta (e.g., admin, read-only) that correspond to roles in DuploCloud, as shown below. Once the groups are created, these group names can be linked to DuploCloud roles using the assigned IDs.
OktaAdminGroupId
Admin Group: Users assigned to this group in Okta will be given admin permissions in DuploCloud.
OktaReadOnlyGroupId
Read-Only Group: Users assigned to this group will have read-only permissions.
OktaSecurityGroupId
Security Group: Users in this group will be given security roles.
OktaSignupGroupId
Sign-Up Group: Users in this group will have sign-up privileges.
OktaTenantGroupPrefix
Tenant Group Prefix: These groups use Tenant prefixes such as duploservices-. Group names follow a format such as duploservices-tenant1. All users within this group will be assigned to tenant1.
OktaTenantGroupPrefix
Read-Only Tenant Group Prefix: Use prefixes like duplo-ro-tenant1. Users in this group will be assigned to tenant1 as read-only users.
How to Find Group IDs in the Okta Portal
To find group IDs in the Okta Portal, refer to the Okta documentation. The Group ID is in the URL of the selected group. For example: https://<your_okta_domain>.okta.com/admin/group/<group_id>/members.
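The group mapping described in Step 4 can be checked before rollout. The following is an added access-review example, not DuploCloud's own code: it applies the page's group-ID and prefix rules to an exported list of Okta memberships and reports admin assignments and conflicting tenant assignments. The group IDs, sample users, level labels and all function and variable names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed placeholder IDs; real values come from each group's Okta admin URL.
ROLE_BY_GROUP_ID = {
    "00gEXAMPLEADMIN": "admin",         # OktaAdminGroupId
    "00gEXAMPLEREADONLY": "read-only",  # OktaReadOnlyGroupId
    "00gEXAMPLESECURITY": "security",   # OktaSecurityGroupId
    "00gEXAMPLESIGNUP": "sign-up",      # OktaSignupGroupId
}
# Prefix examples taken from the page; the level labels are this example's own.
TENANT_PREFIXES = {"duploservices-": "member", "duplo-ro-": "read-only"}

def group_id_from_url(url):
    """Pull <group_id> out of https://<domain>/admin/group/<group_id>/members."""
    m = re.fullmatch(r"/admin/group/([^/]+)/members/?", urlparse(url).path)
    return m.group(1) if m else None

def access_for(groups):
    """groups: (group_id, group_name) pairs for one user -> (roles, tenants)."""
    roles = {ROLE_BY_GROUP_ID[gid] for gid, _ in groups if gid in ROLE_BY_GROUP_ID}
    tenants = {}
    for _, name in groups:
        for prefix, level in TENANT_PREFIXES.items():
            tenant = name[len(prefix):] if name.startswith(prefix) else ""
            if tenant:  # a bare prefix with no tenant name grants nothing here
                tenants.setdefault(tenant, set()).add(level)
    return roles, tenants

def review(users):
    """Return findings worth a manual look before enabling the integration."""
    findings = []
    for user, groups in sorted(users.items()):
        roles, tenants = access_for(groups)
        if "admin" in roles:
            findings.append(f"{user}: admin role via OktaAdminGroupId")
        for tenant, levels in sorted(tenants.items()):
            if len(levels) > 1:  # the page does not say which assignment wins
                findings.append(f"{user}: tenant {tenant} is both member and read-only")
    return findings

# Constructed sample export of Okta group memberships.
SAMPLE_USERS = {
    "alice": [("00gEXAMPLEADMIN", "duplo-admins")],
    "bob": [("00gAAA", "duploservices-tenant1"), ("00gBBB", "duplo-ro-tenant1")],
    "carol": [("00gCCC", "duplo-ro-tenant2"), ("00gEXAMPLEREADONLY", "duplo-readonly")],
}

if __name__ == "__main__":
    for line in review(SAMPLE_USERS):
        print(line)
```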
Managing Okta Users, Permissions, and API Tokens
Once the keys and values are defined as in the procedure above, you can use the Okta Portal to add users, assign roles and permissions, delete users, revoke permissions, and generate and manage Okta API tokens. See the Okta documentation for specific tasks:
Add and Manage Okta Users:
Assign Roles and Permissions:
Delete Users:
Revoke Permissions:
Generate and Manage Okta API Tokens: