Configure Okta for identity management in DuploCloud
Okta is a cloud-based identity and access management platform that provides secure Single Sign-On (SSO), multi-factor authentication (MFA), and lifecycle management for users across applications.
DuploCloud supports using Okta as a source for user authentication and authorization. This integration allows you to log in to DuploCloud and manage user roles, permissions, and platform access using Okta. Okta's group-based permissions system can also be mapped to DuploCloud's user management to manage access to various services within DuploCloud.
This page covers the configuration process for integrating Okta with DuploCloud. To manage Okta users and permissions or perform tasks like generating and managing Okta API tokens, follow the guidelines in the relevant sections of the Okta documentation.
Find your Okta domain. You will need the domain to integrate Okta with DuploCloud.
Create an app integration in the Okta Admin Console to enable Okta to integrate with DuploCloud.
Update the Duplo.AuthService.exe.config file with your Okta domain and credentials, enabling DuploCloud to authenticate users through Okta and allow single sign-on (SSO) access.
Add the following list of keys to the C:\Program Files (x86)\Duplo.AuthService\Duplo.AuthService.exe.config file, and restart the service (Duplo.AuthService).
In the Okta Console, add the following URL to the Allowed Callback URLs field (making sure to replace <portal-url> with your DuploCloud portal URL). For more information, see the Okta documentation.
Configure Okta login so that users can access the DuploCloud Portal with their Okta credentials.
Add the following list of keys to the C:\Program Files (x86)\Duplo.AuthService\Duplo.AuthService.exe.config file and restart the service Duplo.AuthService.
Create and assign group IDs in Okta (e.g., admin, read-only) that correspond to roles in DuploCloud, as shown below. Once the groups are created, these group names can be linked to DuploCloud roles using the assigned IDs.
OktaAdminGroupId
Admin Group: Users assigned to this group in Okta will be given admin permissions in DuploCloud.
OktaReadOnlyGroupId
Read-Only Group: Users assigned to this group will have read-only permissions.
OktaSecurityGroupId
Security Group: Users in this group will be given security roles.
OktaSignupGroupId
Sign-Up Group: Users in this group will have sign-up privileges.
OktaTenantGroupPrefix
Tenant Group Prefix: These groups use Tenant prefixes such as duploservices-. Group names follow a format such as duploservices-tenant1. All users within this group will be assigned to tenant1.
OktaTenantGroupPrefix
Read-Only Tenant Group Prefix: Use prefixes like duplo-ro-tenant1. Users in this group will be assigned to tenant1 as read-only users.
To find group IDs in the Okta Portal, refer to the Okta documentation. The Group ID is in the URL of the selected group. For example: https://<your_okta_domain>.okta.com/admin/group/<group_id>/members.
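To review what access a user's Okta group memberships would resolve to before the keys go live, the group mapping described above can be modeled as follows. This is an added example, not DuploCloud's code: the group IDs, group names, the resolve_access and admins helpers, and the duplo-ro- read-only prefix (inferred from duplo-ro-tenant1) are assumptions, as is full access taking precedence over read-only for the same tenant.

```python
# Added example: models the group-to-role mapping above; not DuploCloud's code.
# All IDs and names below are constructed sample values.
CONFIG = {
    "OktaAdminGroupId": "00g-admin-example",
    "OktaReadOnlyGroupId": "00g-readonly-example",
    "OktaSecurityGroupId": "00g-security-example",
    "OktaSignupGroupId": "00g-signup-example",
    "OktaTenantGroupPrefix": "duploservices-",
}
RO_TENANT_PREFIX = "duplo-ro-"  # assumption: prefix implied by duplo-ro-tenant1

ROLE_FOR_KEY = {
    "OktaAdminGroupId": "admin",
    "OktaReadOnlyGroupId": "read-only",
    "OktaSecurityGroupId": "security",
    "OktaSignupGroupId": "sign-up",
}


def resolve_access(groups, config=CONFIG, ro_prefix=RO_TENANT_PREFIX):
    """Map Okta (group_id, group_name) pairs to (roles, tenants).

    roles is a set of global roles; tenants maps tenant name to
    "full" or "read-only".
    """
    id_to_role = {config[k]: r for k, r in ROLE_FOR_KEY.items() if config.get(k)}
    prefixes = ((config.get("OktaTenantGroupPrefix"), "full"), (ro_prefix, "read-only"))
    roles, tenants = set(), {}
    for group_id, name in groups:
        if group_id in id_to_role:
            roles.add(id_to_role[group_id])
        for prefix, level in prefixes:
            # Skip unset prefixes and names with no tenant part after the prefix.
            if not prefix or not name.startswith(prefix) or name == prefix:
                continue
            tenant = name[len(prefix):]
            # Assumption: full access wins if both groups name the same tenant.
            if tenants.get(tenant) != "full":
                tenants[tenant] = level
    return roles, tenants


def admins(users):
    """Return, sorted, the users whose groups resolve to the admin role."""
    return sorted(u for u, g in users.items() if "admin" in resolve_access(g)[0])


SAMPLE_USERS = {  # constructed sample memberships
    "alice": [("00g-admin-example", "platform-admins"), ("00g-x", "duploservices-tenant1")],
    "bob": [("00g-y", "duplo-ro-tenant1"), ("00g-z", "duploservices-")],
}
```

Running admins() over an export of real memberships gives a short list to check against who is expected to hold admin rights.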
Once the keys and values are defined as in the procedure above, you can use the Okta Portal to add users, assign roles and permissions, delete users, revoke permissions, and generate and manage Okta API tokens. See the Okta documentation for specific tasks:
Add and Manage Okta Users:
Assign Roles and Permissions:
Delete Users:
Revoke Permissions:
Generate and Manage Okta API Tokens: