How can we help?

How do I configure Auvik single sign-on with Okta?

Follow

Auvik allows you to use Okta for authentication into Auvik. This enables users to log in with their Okta credentials—they don’t have to remember another set of credentials and you can manage access from a central location.

A different set of authentication methods are supported at each site, and different single sign-on (SSO) configurations are supported in each site. The authentication method for a site applies to users who belong to a specific site. The authentication level determines which site a user belongs to and controls which authentication method they can use.

Note: SAML Single Sign-On is not enabled in the Auvik trial.

Auvik supports SAML 2.0 for SSO. There are four steps involved:

  1. Configuring SAML in Auvik and Okta
  2. Testing your SAML configuration
  3. Granting your users access to Auvik in Okta
  4. Enabling SSO and migrating your users to SSO in Auvik

1. Configuring SAML in Auvik and Okta

Obtaining SAML configuration information and certificate from Okta

First, you need the Identity Provider Single Sign-on URL, Identity Provider Issuer, and X.509 Certificate from Okta.

  1. Log in to the Okta Admin Console.
  2. Go to Applications > Applications.
  3. Click Add Application.
  4. Click Create New App.
  5. Set Web for Platform and SAML 2.0 for Sign on method.
  6. Click Create.
  7. Enter an app name, an optional app logo, and set the app visibility.
  8. Click Next.
  9. Enter the following temporary values so you can download the certificate.
    1. Single sign on URL: https://my.auvik.com
    2. Audience URI (SP Entity ID): auvik.com
  10. Set the Name ID format to EmailAddress.
  11. Set the Application username to Email.
  12. Under Attribute Statements, click Add Another to add the following attribute statements required by Auvik.

    Name

    Name format

    Value

    firstName

    Unspecified

    user.firstName

    lastName

    Unspecified

    user.lastName

    email

    Unspecified

    user.email

     
  13. Click Next.
  14. Set I’m an Okta customer adding an internal app for Are you a customer or partner? and This is an internal app that we have created for App Type.
  15. Click Finish.
  16. Click the Sign On tab.
  17. Click View Setup Instructions.
  18. Copy Identity Provider Single Sign-on URL, Identity Provider Issuer, and download the X.509 Certificate.

Refer to Okta documentation on how to set up a SAML application.

Keep the tab open because you will need to replace the temporary values in step 6 with the actual values.

Configuring SAML in Auvik

Now, you’ll configure SAML in Auvik.

  1. Go to the desired site dashboard.
  2. Click on Settings in the Auvik navigation menu.
  3. Click on the Authentication tab.
  4. Click Browse on the IdP Signature Certificate field to upload your X.509 Certificate from Okta. 
  5. Enter the Okta Identity Provider Issuer in the IdP Issuer URI field and the Okta Identity Provider Single Sign-on URL in the IdP Single Sign-On URL field.
  6. Click Save.
  7. Copy the Audience URI, ACS URL, and RelayState.

Note: If you have configured SAML at the wrong site, delete the SAML configuration and restart at the desired site.

Completing SAML configuration in Okta

Finally, we’ll complete the configuration in Okta.

  1. Click Edit in the Sign On tab of the SAML application in Okta.
  2. Enter the following values:

    Okta field name

    Auvik field name

    Single sign on URL

    ACS URL

    Audience URI (SP Entity ID)

    Audience URI

    Default RelayState

    RelayState


  3. Click Save.

2. Testing your SAML configuration

Once SAML configuration is complete in Auvik and Okta, we’ll test the configuration in Auvik. SSO will be temporarily enabled for the test user in Auvik. 

Testing your SAML configuration in Auvik is only available for SAML configurations that are not in use.

  1. In Okta, grant your test user access to the Auvik SAML application.
    • Optionally, you can create a new group with your test user and assign that group to the Auvik application.
    1. Log in to the Okta Admin Console.
    2. Go to Applications.
    3. Search and click Auvik.
    4. Click the Assignments tab.
    5. Click Assign.
    6. Click Assign beside the test user.
    7. Click Save.
    8. Click Done.
  2. In Auvik, go to the desired site dashboard.
    1. Click on Settings in the Auvik navigation menu.
    2. Click on the Authentication tab.
    3. Click Test SSO.
    4. Select the test user.
  3. In an incognito browser window, log into Auvik with your test user using your test user’s Okta credentials. You must complete the test in 30 minutes. If you don’t respond in 30 minutes, we’ll restore the previous settings.
  4. In Auvik, click on whether the test user was able to log in.

For additional instructions, see Okta documentation on how to assign users to applications and how to assign groups to applications.

3. Granting your users access to Auvik in Okta

Users whose accounts have been migrated to SSO can only log in using their Okta credentials. Please make sure all users that you want to use SSO in Auvik are in your Okta and are configured to have access to the Auvik application.

To grant your other users access to the Auvik application in Okta:

  1. Log in to the Okta Admin Console.
  2. Go to Applications.
  3. Search and click Auvik.
  4. Click the Assignments tab.
  5. Click Assign.
  6. Click Assign beside the desired users.
  7. Click Save.
  8. Click Done.

For additional instructions, see Okta documentation on how to assign users to applications and how to assign groups to applications.

4. Enabling SSO and migrating your users to SSO in Auvik

Select the authentication method you want users on this site to use:

  1. Go to the desired site dashboard.
  2. Click on Settings in the Auvik navigation menu.
  3. Click on the Authentication tab.
  4. Select the desired Authentication Method:
    • Password, Google account, and Microsoft account
    • Single sign-on for selected users
    • Single sign-on for all users
  5. Click Save.

Users whose accounts have been migrated to SSO can only log in through their Okta credentials. Please make sure all users that you want to use SSO in Auvik are Okta and are configured to have access to Auvik. Currently, Auvik SSO doesn’t support just-in-time provisioning. You must invite the user to Auvik.

If Single sign-on for selected users is selected, this will start the user migration wizard to let you select the users that you want to migrate to SSO. There are three options:

  1. All users that belong to this site
  2. All users that belong to an email domain
  3. Select individual users

After selecting users to migrate, you’ll be asked to confirm your selection and then to start the migration. You can migrate more users to SSO at a later time by editing the user. You can also specify that a user must use SSO when you invite them.

If Single sign-on for all users is selected, this will start the user migration wizard to confirm the users that will be migrated to SSO and start the migration. Any users that weren’t migrated will lose authorization to the site. Selecting this option will prevent you from inviting new users that already have an Auvik account—for example, consultants—because they’ll be using a conflicting authentication method. In this scenario, select Single sign-on for selected users.

If your browser tab or window is closed while the migration is in progress, you can view the progress from the Authentication Method pane.

  1. Go to the desired site dashboard.
  2. Click on Settings in the Auvik navigation menu.
  3. Click on the Authentication tab.

Under Authentication Method, click the See Status link.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request