Integrate with Okta

Overview

Okta provides a flexible yet simple Identity Provider solution that integrates easily with the Xi Frame platform. Following the steps below, you simply need to locate, copy, and paste certain values between platforms. This process should take less than fifteen minutes.

Xi Frame Preparation

  1. From the Admin view, navigate to the desired entity where you wish to set up your Okta integration.
  2. Click on the ellipsis listed next to the entity name and select “Edit.”
  3. Navigate to the “Security” tab. Under “Authentication,” enable the “SAML2” toggle and click “Save” in the upper right corner.
  4. More options will appear next to the “Authentication” tab. Click on the “SAML2 Providers” tab.
  5. Click “Add SAML2 Provider.” Leave this browser tab open.

Okta Preparation

  6. In a separate tab, navigate to your Okta account Dashboard. Click “Add Applications.”
  7. In the search bar under “Add Application,” type in “Frame.” Click the “Add” button listed next to the Nutanix Frame application.
  8. Give your application a name or keep the default, if desired. Click “Next.”
  9. You will automatically be taken to the “Assignments” tab of your Nutanix Frame application. Click on the “Sign On” tab.
  10. Scroll down to the “Identity Provider metadata” link. Copy the link to your clipboard.

Frame Setup

  11. Navigate back to your Xi Frame tab and enter the following data:
  • Application ID: The Application ID identifies a partner across federation interactions and can be set to any DNS-compliant string. You will be using this value again shortly in another part of the setup.
  • Auth provider metadata: Check the “URL” option for this field and paste the Identity Provider Metadata URL (reference step 10 above) into the “Auth provider metadata” field.
  • Name: Enter your unique SAML2 Integration name here. The name should have only letters, numbers, and the dash symbol; no spaces or punctuation are allowed. It is also case-sensitive. We’ll use the SAML2 integration name okta-auth for this example. Please do not use this name for your own integration.
  • Authentication token expiration: Set the desired expiration time for the authentication token. This can range from 5 minutes to 7 days.
  • Signed response: Leave this toggle disabled. If you wish to use Signed SAML2 Responses, please contact Frame Support or your Account Manager for further instructions.
  • Signed assertion: Enable this toggle.

Note

The SAML2 integration name you choose will be displayed on the SSO login button used by anyone attempting to log in to the platform.

Click “Add” once all data has been entered as instructed.

Okta Setup

  12. Navigate back to your Okta tab. From the “Sign On” tab, click the “Edit” button in the upper right corner of the “Settings” section.
  13. Under the “SAML2” section, enter https://frame.nutanix.com/ in the “Default Relay State” field.
  14. Scroll down to the “Advanced Sign-On Settings” section. Enter the same application ID you used earlier in the “Application ID” field of your Xi Frame authentication setup. Click “Save.”

Configure SAML2 Permissions

Once you have connected the IdP to Xi Frame, administrators will need to configure the authorization rules for the account from the “SAML2 Permissions” tab listed under the “Security” tab of the Settings page. Use the link to read more about User Permissions.

You can also authorize any groups or users you want to allow to use the Xi Frame platform in whichever way you normally manage assignments in Okta. Reference the Okta documentation if needed.

Using Okta as a SAML2 Authentication Integration

Your new SAML2 auth integration will appear as a button on your Xi Frame login page. The Xi Frame login page URL that your users navigate to depends on the level at which the SAML2 integration was configured.

Customer level:

https://frame.nutanix.com/[customer_URL]/

Organizational level:

https://frame.nutanix.com/[customer_URL]/[organization_URL]/

Account level:

https://frame.nutanix.com/[customer_URL]/[organization_URL]/[account_URL]/