To set up Okta as the Identity Provider for Celona Orchestrator (CSO), follow these steps:
Step 1: Create a New SAML Application in Okta
Access Okta Dashboard
Log in to your Okta Admin Console.
Navigate to Applications
Go to Applications → Create App Integration.
Select SAML 2.0 and click Next.
Provide General Settings
App Name: Enter a name for the application (e.g., Celona Orchestrator).
App Logo (Optional): Upload a logo if desired.
App Visibility: Specify whether users can see this app in their Okta dashboard.
Step 2: Configure SAML Settings
Single Sign-On URL
Copy the AssertionConsumerService (ACS) URL from the Orchestrator metadata provided by Celona Support.
Paste it into the Single sign-on URL field in Okta.
Audience URI (SP Entity ID)
Enter the Entity ID from the Orchestrator metadata.
Attribute Statements
Add attribute statements as needed for user identification.
Step 3: Add Custom Group Attribute Statements
If you're configuring for MSP SSO:
Navigate to the Group Attribute Statements section in Okta.
Add a custom attribute with:
Name:
orgScope.Filter: Based on relevant criteria defined for your organization.
Step 4: Grant Access to Relevant User Groups
Assign the application to the relevant user groups:
Go to the Assignments tab of the newly created application.
Click Assign → Assign to Groups.
Select the appropriate groups to grant access to the Celona Orchestrator application.
Step 5: Finalize and Test SSO
Save your configuration in Okta.
Access the SSO Launch URL from CSO:
Use:
https://<cso-fqdn>/v1/api/ssogw/saml/login/alias/<customer_alias_value>
Login Flow:
Ensure redirection to the Okta login page.
After successful login, verify that the user is provisioned and assigned the correct CSO role.
To complete the SSO configuration, follow the steps in the SSO Configuration Guide for IT Admins.
For further assistance, contact Celona Support.