Okta Identity Management (Internal procedure)

Configure Okta for identity management in DuploCloud

Okta is a cloud-based identity and access management platform that provides secure Single Sign-On (SSO), multi-factor authentication (MFA), and lifecycle management for users across applications.

DuploCloud supports using Okta as a source for user authentication and authorization. This integration allows you to log in to DuploCloud and manage user roles, permissions, and platform access using Okta. Okta's group-based permissions system can also be mapped to DuploCloud's user management to manage access to various services within DuploCloud.

This page covers the configuration process for integrating Okta with DuploCloud. To manage Okta users and permissions or perform tasks like generating and managing Okta API tokens, follow the guidelines in the relevant sections of the Okta documentation.

Prerequisites

Configuring Okta with DuploCloud

Step 1. Integrate Okta with DuploCloud

Create an app integration in the Okta Admin Console to enable Okta to integrate with DuploCloud.

Step 2. Configure DuploCloud Authentication Service for Okta

Edit the Configuration File

Update the Duplo.AuthService.exe.config file with your Okta domain and credentials, enabling DuploCloud to authenticate users through Okta and allow single sign-on (SSO) access.

Add the following keys to the C:\Program Files (x86)\Duplo.AuthService\Duplo.AuthService.exe.config file, then restart the Duplo.AuthService service.

<add key="OktaDomain" value="example-32616951.okta.com" />
<add key="OktaClientId" value="client_id" />
<add key="OktaClientSecret" value="specifysecret" />
<add key="ENABLEOKTALOGIN" value="true" />

Add the DuploCloud Portal URL to the Okta Allowed Callbacks

In the Okta Console, add the following URL to the Allowed Callback URLs field (making sure to replace <portal-url> with your DuploCloud portal URL). For more information, see the Okta documentation.

https://<portal-url>/app/signin-okta

Step 3. Add the Okta Login Option to the DuploCloud Portal

Configure Okta login so that users can access the DuploCloud Portal with their Okta credentials.

Add the following keys to the C:\Program Files (x86)\Duplo.AuthService\Duplo.AuthService.exe.config file, then restart the Duplo.AuthService service.

<add key="EnableOktaUserSource" value="true" />
<add key="OktaAdminGroupId" value="admin-group-id" />
<add key="OktaReadOnlyGroupId" value="read-only-group-id" />
<add key="OktaSecurityGroupId" value="security-group-id" />
<add key="OktaSignupGroupId" value="sign-up-group-id" />
<add key="OktaTenantGroupPrefix" value="duploservices-" />
<add key="OktaTenantRoGroupPrefix" value="duplo-ro-" />
<add key="OktaToken" value="okta-token" />
<add key="OktaDomain" value="example-32616951.okta.com" />
<add key="OktaClientId" value="client_id" />
<add key="OktaClientSecret" value="specifysecret" />
<add key="ENABLEOKTALOGIN" value="true" />

Step 4. Define Okta User Groups and Permissions in DuploCloud

Assign Group IDs from the Okta Portal to DuploCloud

Create groups in Okta (e.g., admin, read-only) that correspond to roles in DuploCloud, as shown below. Once the groups are created, they can be linked to DuploCloud roles using their assigned group IDs.

  • OktaAdminGroupId (Admin Group): Users assigned to this group in Okta will be given admin permissions in DuploCloud.

  • OktaReadOnlyGroupId (Read-Only Group): Users assigned to this group will have read-only permissions.

  • OktaSecurityGroupId (Security Group): Users in this group will be given security roles.

  • OktaSignupGroupId (Sign-Up Group): Users in this group will have sign-up privileges.

  • OktaTenantGroupPrefix (Tenant Group Prefix): These groups use Tenant prefixes such as duploservices-. Group names follow a format such as duploservices-tenant1. All users within this group will be assigned to tenant1.

  • OktaTenantRoGroupPrefix (Read-Only Tenant Group Prefix): These groups use a prefix such as duplo-ro-, giving group names like duplo-ro-tenant1. Users in this group will be assigned to tenant1 as read-only users.

How to Find Group IDs in the Okta Portal

To find group IDs in the Okta Portal, refer to the Okta documentation. The Group ID is in the URL of the selected group. For example: https://<your_okta_domain>.okta.com/admin/group/<group_id>/members.
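
The following Python check is an added example, not DuploCloud code. It lints the Okta keys from Steps 2 to 4 before the service is restarted, flagging missing keys, placeholder values left over from the snippets above, keys defined more than once, and tenant prefixes where one is a prefix of the other. It assumes the <add> elements sit under <appSettings>; the function name, sample values and finding texts are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Keys this page lists in Steps 2 and 3.
REQUIRED = ("OktaDomain OktaClientId OktaClientSecret ENABLEOKTALOGIN EnableOktaUserSource "
            "OktaAdminGroupId OktaReadOnlyGroupId OktaSecurityGroupId OktaSignupGroupId "
            "OktaTenantGroupPrefix OktaTenantRoGroupPrefix OktaToken").split()
# Placeholder values from this page's snippets; none should reach a live config.
PLACEHOLDERS = {"client_id", "specifysecret", "okta-token", "admin-group-id", "read-only-group-id",
                "security-group-id", "sign-up-group-id", "example-32616951.okta.com"}

def lint_okta_settings(config_xml):
    """Return a list of findings for the Okta keys in an exe.config document."""
    # Assumption: the <add> elements sit under <appSettings>, the usual .NET location.
    pairs = [(a.get("key", ""), a.get("value", "").strip())
             for a in ET.fromstring(config_xml).findall(".//appSettings/add")]
    counts = Counter(k.lower() for k, _ in pairs)  # keys compared case-insensitively here
    settings = {k.lower(): v for k, v in pairs}
    findings = []
    for key in REQUIRED:
        n, value = counts[key.lower()], settings.get(key.lower(), "")
        if n == 0:
            findings.append(f"{key}: missing")
        elif not value or value.lower() in PLACEHOLDERS:
            findings.append(f"{key}: empty or placeholder value")
        if n > 1:  # Steps 2 and 3 both list the four login keys
            findings.append(f"{key}: defined {n} times")
    domain = settings.get("oktadomain", "")
    if "/" in domain:
        findings.append("OktaDomain: use the bare host name, no scheme or path")
    rw = settings.get("oktatenantgroupprefix", "")
    ro = settings.get("oktatenantrogroupprefix", "")
    if rw and ro and (rw.startswith(ro) or ro.startswith(rw)):
        findings.append("tenant prefixes overlap: a group name can match both")
    return findings

# Constructed sample: partial config with a leftover placeholder and a duplicated key.
SAMPLE = """<configuration><appSettings>
  <add key="OktaDomain" value="https://sso.example.test" />
  <add key="OktaClientSecret" value="specifysecret" />
  <add key="ENABLEOKTALOGIN" value="true" />
  <add key="ENABLEOKTALOGIN" value="true" />
  <add key="OktaTenantGroupPrefix" value="duplo-" />
  <add key="OktaTenantRoGroupPrefix" value="duplo-ro-" />
</appSettings></configuration>"""

if __name__ == "__main__":
    print("\n".join(lint_okta_settings(SAMPLE)))
```
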

Managing Okta Users, Permissions, and API Tokens

Once the keys and values are defined as in the procedure above, you can use the Okta Portal to add users, assign roles and permissions, delete users, revoke permissions, and generate and manage Okta API tokens. See the Okta documentation for specific tasks:
