Using Okta as your identity provider

Suggest edits

Prerequisites

To connect BigAnimal to Okta, you must have either:

  • One of the following roles in Okta:

    • Super Administrator
    • Application Administrator

  • A custom admin role with similar permissions.

    Learn more about Okta administrator roles.

Unique URL and access code are provided in an email from cloudcare@enterprisedb.com. Contact cloudcare@enterprisedb.com if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. If you have issues with the code or identity provider setup, contact Support.

Set up BigAnimal with Okta

  1. To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from cloudcare@enterprisedb.com.

  2. In a separate browser tab or window, log into the Okta Admin Console.

  3. From the left navigation pane, select Applications. On the Applications page:

    1. Select Create App Integration.

    2. Select SAML 2.0 as the sign-in method.

    3. Enter a name for your application.

    4. Select Do not display application icon to users and Do not display application icon in the Okta Mobile app.

  4. Go to the Configure SAML step.

    1. Copy and paste the following information from the Set Up Identity Provider page in BigAnimal to Okta:

      Copy from BigAnimalPaste in Okta
      Audience URIAudience URI (SP Entity ID)
      Assertion Consumer Service URLSingle sign-on URL

    2. In the Attribute Statements section, enter the configuration. We recommend the following:

      NameValueNotes
      <assertion_path>/nameuser.nameThe name field defaults to the user’s email. Alternatively, you can set the value as the following Okta expression to combine the first and last names: user.firstName + " " + user.lastName
      <assertion_path>/emailaddressuser.email
      <assertion_path>/nameidentifieruser.userIdOptional
      <assertion_path>/surnameuser.lastName
      <assertion_path>/givennameuser.firstName

      Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.

    3. On the Assignments tab on the Applications page, select Assign to assign people or groups to the newly created application. If you need to sign into BigAnimal, be sure to assign yourself.

    4. On the Sign On tab, select View SAML setup instructions to open a tab with instructions for your application.

      1. Copy from the Identity Provider Single Sign-on URL from step 1 of the SAML setup instructions.
      2. Select Download certificate in step 3 of the instructions.

    5. In BigAnimal, on the Setup Config tab on the Set Up Identity Provider page:

      1. Paste the Identity Provider Single Sign-on URL you copied from Okta into the Single Sign-On URL field.
      2. For Identity Provider Signature Certificate, upload the certificate downloaded from Okta.
      3. Select the appropriate method for Request Binding. Okta supports HTTP-POST, HTTP-Redirect, and Hybrid.
      4. Select the appropriate value for Response Signature Algorithm. Okta AD supports rsa-sha256 and rsa-sha1.
      5. Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.
← Prev

Using Google Workspace (G Suite) as your identity provider

Next →

Setting up your Azure Marketplace account