Available in Classic and VPC
This section describes how to integrate Okta, a cloud-based user account and permissions management solution, with NAVER Cloud Platform. Okta lets users log in to numerous applications with a single account in a high-security environment. Users within the organization can log in to the NAVER Cloud Platform console with their existing Okta account and use services within the permissions granted to them.
The sequence of integrating NAVER Cloud Platform accounts and Okta accounts is as follows:
1. Configure Okta authentication.
2. Copy Okta metadata.
3. Register external IdP information from NAVER Cloud Platform.
4. Configure NAVER Cloud Platform authentication.
5. Verify integrations.
1. Configure Okta authentication
This section describes user provisioning: adding a SAML application in Okta, adding the users who will be integrated with NAVER Cloud Platform accounts, and performing the settings necessary for authentication.
The descriptions in Configure Okta authentication assume that authentication information is forwarded without a signature. For how to forward signed authentication information using a certificate, see Requests for signature included authentication.
Create SAML 2.0 application
This guide uses the user properties primarily used in authentication: FirstName, LastName, and Email.
To add a SAML 2.0 application in Okta:
- Log in to Okta.
- Navigate to Applications > Applications, then click [Create App Integration].
- In the Create a new app integration popup window, select SAML 2.0 and then click [Next].
- Enter the app name in the App name item and then click [Next].
- Enter the information in the General component.
  - Single Sign-On URL: Enter the ACS URL information copied in Copy SAML integration information.
  - Audience URI (SP Entity ID): Enter the Issuer URL information copied in Copy SAML integration information.
  - Name ID format: Select EmailAddress.
  - Application username: Select Email.
- Click [Show Advanced Setting] in the General component.
  - Change the Authentication context class to Password.
- In the Attribute Statements component, configure the attributes to be forwarded from Okta to NAVER Cloud Platform as follows:
Note: "Name" is the value to be entered in External IdP Parameter during the Attribute Mapper settings in user profile management of the Ncloud Single Sign-On service.
- Once the settings are complete, click [Next].
- Select "I'm a software vendor. I'd like to integrate my app with Okta" and then click [Finish].
Copy SAML integration information
To integrate Ncloud Single Sign-On and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.
To confirm the ACS URL and Issuer URL of NAVER Cloud Platform:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- Copy the following information from the External IdP Metadata component in the Tenant menu:
  - Assertion Consumer Service (ACS) URL
  - Issuer URL
Assign user to application
To assign a user to the application:
- Access Okta Developer and then log in.
- Click Directory > People on the left side of the interface.
- Click on the user name.
- In the [Applications] tab, click [Assign Applications].
- Click [Assign] on the right side of the application.
- Click [Save and Go Back].
2. Copy Okta metadata
To copy Okta metadata:
- Access Okta Developer and then log in.
- Click Applications > Applications on the left side of the interface.
- Click on the application.
- Click the [Sign On] tab.
- Click [Copy] in the Metadata URL item.
- Enter the metadata URL in the web browser's address bar and then access it.
- Copy the displayed content.
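A way to review the copied Okta metadata before registering it, as an added Python example (not Okta or NAVER Cloud Platform code). It reports the entity ID, whether the IdP asks for signed requests, and findings such as a non-HTTPS sign-on endpoint, a missing signing certificate, or a missing emailAddress NameID format (the format selected in Create SAML 2.0 application). The sample metadata, host names and certificate text are constructed placeholders, and which findings to treat as blocking is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed IdP metadata: placeholder hosts, and the certificate text is
# filler, not a real certificate. One endpoint is deliberately plain HTTP.
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="http://idp.example.invalid/constructed">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
    <md:SingleSignOnService Location="https://idp.example.invalid/sso/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleSignOnService Location="http://idp.example.invalid/sso/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def review_idp_metadata(xml_text: str) -> dict:
    """Summarise IdP metadata and list findings to resolve before registering."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    endpoints = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    signing = [k for k in idp.findall("md:KeyDescriptor", NS)
               if k.get("use", "signing") == "signing"  # no 'use' means any use
               and k.find(".//ds:X509Certificate", NS) is not None]
    formats = [(f.text or "").strip() for f in idp.findall("md:NameIDFormat", NS)]
    findings = [f"SSO endpoint is not HTTPS: {u}"
                for u in endpoints if urlparse(u).scheme != "https"]
    if not endpoints:
        findings.append("no SingleSignOnService endpoint")
    if not signing:
        findings.append("no signing certificate")
    if EMAIL_FORMAT not in formats:
        findings.append("emailAddress NameID format not advertised")
    return {"entity_id": root.get("entityID"),
            "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned") == "true",
            "findings": findings}
```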
3. Register external IdP information from NAVER Cloud Platform
To register Okta metadata on NAVER Cloud Platform:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- In the Tenant menu, click [Register external IdP].
- In the Metadata item, paste the metadata information copied in Copy Okta metadata, then click [Save].
  - The sub-information will be entered automatically.
- Click [Register].
4. Configure NAVER Cloud Platform authentication
This section describes how to register the Okta account to be integrated as a user in Ncloud Single Sign-On and map user profiles.
Add SSO user
You need to create an SSO user in the Ncloud Single Sign-On service using the email information of the user created in Okta.
To add an SSO user in the Ncloud Single Sign-On service:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- Click External IdP login > Users > [Create user].
- Enter the email address of the user created in Okta in login ID, then click [Create].
For more information about how to create an SSO user in Ncloud Single Sign-On, see Users.
Configure attribute mapper in NAVER Cloud Platform
To link the user property set on Okta to the user property information on the Ncloud Single Sign-On service:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- Click the Tenant menu.
- Click [Attribute mapper].
- When the Attribute Mapper interface appears, enter in External IdP Parameter the content registered in Create SAML 2.0 application.
- In sync mode, set the user profile update method.
  - None: Do not update user profile.
  - Import: Update user profiles only at first login.
  - Force: Update the user profile at every login.
- Click [Save].
5. Verify integrations
To verify if the Okta account and NAVER Cloud Platform account are integrated:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- Copy the Login URL from the Tenant menu, then access the URL.
  - The SSO role switch interface appears.
- Click [Console access] and [API access] on the SSO role switch interface.
  - Depending on the access type set for the logged-in SSO user, the [Console access] or [API Gateway access] button appears.
- Navigate to Services > Management & Governance > Ncloud Single Sign-On.
- Navigate to External IdP login > User.
- Click the [Profile] tab in the details interface of the logged-in SSO user, then check if the user profile has been updated.
Requests for signature included authentication
This section describes how to make authentication requests that include a signature. The SP can send authentication requests to the IdP without signing them, but it can also sign them with its private key. The IdP verifies the signature using the SP certificate registered with it and thereby validates that the request was indeed sent by that SP.
1. Create certificate files through service provider metadata
To create certificate files utilizing the service provider metadata of NAVER Cloud Platform:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- In the External IdP login component of the Tenant menu, click Service Provider Metadata.
- Copy the information in between the <ds:X509Certificate> tags.
- Create a certificate file using the copied information.
  - The file should be created in *.pem format.
  - During file creation, input "-----BEGIN CERTIFICATE-----" at the start of the copied information and "-----END CERTIFICATE-----" at the end.
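The file creation steps above, as an added Python example (not NAVER Cloud Platform or Okta code). It pulls each <ds:X509Certificate> value out of service provider metadata, wraps it in the BEGIN/END lines as the content of a *.pem file, and computes a SHA-256 fingerprint so the file can be compared with the metadata it came from. The sample metadata, its entityID and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(range(96))
# Constructed SP metadata; the entityID is a placeholder.
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/constructed">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{DS_NS}"><ds:X509Data>
      <ds:X509Certificate>
{textwrap.fill(base64.b64encode(SAMPLE_DER).decode("ascii"), 40)}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_certificates(metadata_xml: str) -> list[bytes]:
    """Return the DER bytes of every <ds:X509Certificate> in the metadata."""
    ders = []
    for node in ET.fromstring(metadata_xml).iter(f"{{{DS_NS}}}X509Certificate"):
        # Metadata may wrap the base64 text across lines; drop all whitespace.
        b64 = "".join((node.text or "").split())
        der = base64.b64decode(b64, validate=True)
        if not der or der[0] != 0x30:  # a certificate is a DER SEQUENCE
            raise ValueError("X509Certificate content is not DER")
        ders.append(der)
    if not ders:
        raise ValueError("no <ds:X509Certificate> element found")
    return ders


def to_pem(der: bytes) -> str:
    """Wrap DER bytes as PEM: BEGIN line, 64-column base64 body, END line."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def sha256_fingerprint(der: bytes) -> str:
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    for cert in extract_certificates(SAMPLE_METADATA):
        print(sha256_fingerprint(cert))
        print(to_pem(cert), end="")
```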
2. Configure SAML
To change the SAML settings in Okta:
- Access Okta Developer and then log in.
- Click Applications > Applications on the left side of the interface.
- Click on the application.
- In the [General] tab, click [Edit] in the SAML Settings component.
- When the first interface appears, click [Next] without making any settings.
- When the second interface appears, click Show Advanced Settings.
- Upload the certificate file in the Signature Certificate item.
- Mark the checkbox of Signed Requests, and then click [Next].
- Click [Finish].
3. Edit external IdP information in NAVER Cloud Platform
To edit external IdP information in NAVER Cloud Platform:
- From the NAVER Cloud Platform console, navigate to Services > Management & Governance > Ncloud Single Sign-On.
- In the Tenant menu, click [Edit External IdP].
- Enable AuthnRequest Signed.
- Select the desired signature algorithm in the Sign Request Algorithm.
- When you are done editing, click [Edit].
- Copy the Login URL from the Tenant menu.
- Enter it into the web browser's address bar and log in.