Okta doesn’t provide automatic setup of SAML applications by uploading the Service Provider metadata. This small tutorial will guide you through the necessary steps to get Instana integrated with Okta as a SAML app.
- You will require administrator privileges in Okta.
- Please open the SAML configuration page in Instana, as you will be copying and pasting some values between there and Okta.
The first thing to do is go to the application perspective in Okta by selecting it from the dropdown at the top.
On the following screen we select Add Application to get to the next screen.
We hit Create Application again to open the actual wizard.
We are going to create a SAML 2.0 application so that’s what we are going to select from the dropdown.
The next thing is to name the application: Instana in our case.
- Copy the ACS URL from the Instana-SAML setup page and put it in Single sign on URL
- Change Name ID Format to EmailAddress
- Change Application username to Email
That’s it, the final page gives us an overview of the SAML application we just created.
On this page we can now download the Identity Provider metadata. Store it locally, switch to the Instana-SAML setup page and upload the file, thereby activating the SAML integration.
With SAML enabled this is now the only way for your users to access Instana.
To actually enable users, the SAML app has to be assigned to them.
So open the application overview in Okta and choose to assign users from the dropdown.
NOTE: Make sure that every user has an associated email address.
Each new user will receive the default role when first logging in.