Skip to main content
All CollectionsGetting Started with Celona 5G LAN
SSO Configuration on Okta
SSO Configuration on Okta
A
Written by Angelin Monica
Updated over 3 weeks ago

To set up Okta as the Identity Provider for Celona Orchestrator (CSO), follow these steps:

Step 1: Create a New SAML Application in Okta

  1. Access Okta Dashboard

    1. Log in to your Okta Admin Console.

  2. Navigate to Applications

    1. Go to ApplicationsCreate App Integration.

    2. Select SAML 2.0 and click Next.

  3. Provide General Settings

    1. App Name: Enter a name for the application (e.g., Celona Orchestrator).

    2. App Logo (Optional): Upload a logo if desired.

    3. App Visibility: Specify whether users can see this app in their Okta dashboard.

Step 2: Configure SAML Settings

  1. Single Sign-On URL

    1. Copy the AssertionConsumerService (ACS) URL from the Orchestrator metadata provided by Celona Support.

    2. Paste it into the Single sign-on URL field in Okta.

  2. Audience URI (SP Entity ID)

    1. Enter the Entity ID from the Orchestrator metadata.

  3. Attribute Statements

    1. Add attribute statements as needed for user identification.

Step 3: Add Custom Group Attribute Statements

If you're configuring for MSP SSO:

  1. Navigate to the Group Attribute Statements section in Okta.

  2. Add a custom attribute with:

    • Name: orgScope.

    • Filter: Based on relevant criteria defined for your organization.

Step 4: Grant Access to Relevant User Groups

  1. Assign the application to the relevant user groups:

    • Go to the Assignments tab of the newly created application.

    • Click AssignAssign to Groups.

  2. Select the appropriate groups to grant access to the Celona Orchestrator application.

Step 5: Finalize and Test SSO

  1. Save your configuration in Okta.

  2. Access the SSO Launch URL from CSO:

    • Use: https://<cso-fqdn>/v1/api/ssogw/saml/login/alias/<customer_alias_value>

    • The <customer_alias_value> will be:

      • <companyName>_self_serve where <companyName> is Account Name without whitespace as displayed on the Account Info page.

      • Use Case-1: If the SSO launch point is from the `IDP Dashboard, then a separate icon bookmarked to the above URL can be added (Okta has Bookmark App to hyperlink for an Icon. Ex: Celona)

      • Use Case-2: If the SSO launch point is from the Customer Portal, the above URL needs to be embedded as a hyperlink inside the portal.

  3. Login Flow:

    • Ensure redirection to the Okta login page.

    • After successful login, verify that the user is provisioned and assigned the correct CSO role.

To complete the SSO configuration, follow the steps in the SSO Configuration Guide for IT Admins.

For further assistance, contact Celona Support.

Related Articles
Network Prerequisites - Firewall Configuration
SSO (Single sign-on) Configuration Guide for IT Admins
MicroSlicing Configuration
General Test Details and Characteristics
SSO Configuration on Azure
Did this answer your question?