Scribd
Upload
100 views

SAML Setup

1. The document provides steps to configure SAML single sign-on between OKTA and Informatica Intelligent Cloud Services (IICS). 2. Key steps include creating a SAML application in OKTA, downloading the OKTA IDP metadata XML, and uploading it to IICS to complete the configuration. 3. User management with SSO can be done by enabling auto-provisioning of users or pre-creating users of type "IDP with SAML" and disabling auto-provisioning.

Uploaded by

ajaybhosal
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
100 views

SAML Setup

1. The document provides steps to configure SAML single sign-on between OKTA and Informatica Intelligent Cloud Services (IICS). 2. Key steps include creating a SAML application in OKTA, downloading the OKTA IDP metadata XML, and uploading it to IICS to complete the configuration. 3. User management with SSO can be done by enabling auto-provisioning of users or pre-creating users of type "IDP with SAML" and disabling auto-provisioning.

Uploaded by

ajaybhosal
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

HOW TO: Configure SAML Single Sign On(SSO) using OKTA

in IICS

May 19, 2022•Knowledge


Solution
Follow the steps below to configure SAML SSO in Informatica Cloud using OKTA:
1. Ensure to have a valid OKTA account and user with Admin privileges.

2. Login to OKTA and click on "Applications" and click "Add Application".

3. Click on "Create New App". Okta will prompt you with "What type of application integration?", select
"SAML 2.0" and click "Create".

4. This will take one to "Create SAML Integration" wizard and display "General Settings"
a. Enter "App Name".
b. Optionally select/enter App logo and App visibility and click "Next".

5. Configure SAML
Enter "Single Sign on URL" from "Location" attribute of "AssertionConsumerService" element in ICS
SAML metadata XML. One can get the metadata XML by login to Informatica Cloud and
under Administer > SAML SSO.

        
Refer to the following screenshot for reference to find the correct URL:

b. Enter Audience URI (SP Entity ID) from ICS's "entityID" attribute of "EntityDescriptor" element. 

c. Select name ID format, Default username 

        d. Optionally configure attribute statements to send First Name, Last name, Email Address, Job
Title, Phone Number, Role, and so on.

6. Select App  type accordingly.

7. Click on Finish. It will take you to the application page for the just created SAML application.
8. Click on "Sign On" tab and click on "Identity Provided metadata" link to download Okta IDP metadata
XML and save as XML file.

9. Use the downloaded Okta IDP metadata XML file to configure SAML SSO in ICS. Upload the file in
Informatica Cloud. Refer to the below screenshot from point 10 for reference (select choose file
option).
10. "Disable auto-provision of users" --> If this property is checked, IICS will check for the existence of
the user and based on that will allow log in. If this is unchecked, IICS will create a user based on the
SAML request.  Please make sure that the existing user in IICS is having authentication type as "IDP
with SAML" else IICS will throw "The SAML user does not exist in your organization" error.

11. If the existing user is created with different authentication types, try changing it to "IDP with SAML".
If "Changing the authentication to IDP with SAML is not supported" error is thrown, then please drop
the existing user and create a new user with authentication type as "IDP with SAML".   

Q: How to manage the user when SSO is configured in Informatica Intelligent


Cloud Services (IICS)?
 
A: Users could be automatically created by unchecking the "Disable auto-provision of a user" box or check the
box "Disable auto provision of a user" and then create the SSO type user upfront. SSO type user can be
created in Administrator > Users 
 
 
Q: If auto-creation of users is enabled does anyone with SSO URL will be able
to login?
 
A: Yes, anyone in the organization would be able to login to IICS if your IDP authenticates the user
successfully.
     Restrictions to any user or user group should be from IDP.
 
 
Q: Then how to avoid/restrict the unintended users to log in?
 
A: > Option1: create SSO type user upfront before the user tries to login and check the box "Disable auto-
provision of a user"
    > Option2: Un-check the box "Disable auto-provision of a user" and let the user get created
automatically but restrict the user authentication from the IDP side.
 
 
Q: Can you use SAML Role Mapping in the SSO config page to restrict the users?
 
A: No, SAML Role Mapping is just to map a role in IDP to a role in IICS.
 
 
Q: How to create SSO users?
 
A: Select 'IDP with SAML'  in Authentication while creating users in IICS > Administrator > User
 
 
Q: Does the SSO user gets updated in every login?
 
A: Yes, users can be updated in every login by enabling the check box 'Map SAML Groups and Roles'
.
 
 
Q: How to map the user group or roles from IDP to IICS?
 
A: Both role mapping n group mapping is possible, please refer the respective section in SAML SSO setup page
 
 
Q: Can we convert an existing native user to a SAML SSO user?
 
A: No, the user type cannot be changed. It will give an error in the UI itself: Changing the authentication to
IDP with SAML is not supported
 
 
Q: Why do we see .SAML, .SAML2, .SAML3, etc... suffix in some user names?
 
A: For SAML users, the IICS user name is the same as the SAML name identifier unless that name is already
used in the IICS organization. If the name is already used, then Informatica Intelligent Cloud Services appends
the string ".SAML," ".SAML1," ".SAML2," etc. to the end of the SAML name identifier to form a unique 
Informatica Intelligent Cloud Services user name.

You might also like