Integrating with Okta

    Available in Classic and VPC

    This section describes how to integrate Okta, a cloud-based user account and permission management solution, with NAVER Cloud Platform. Okta lets users log in to many applications with a single account in a high-security environment. Users in the organization can log in to the NAVER Cloud Platform console with the Okta account they already use, and use services within the permissions they have been granted.

    The sequence of integrating NAVER Cloud Platform accounts and Okta accounts is as follows:

    1. Configure Okta authentication
    2. Copy Okta metadata
    3. Register external IdP information on NAVER Cloud Platform
    4. Configure NAVER Cloud Platform authentication
    5. Verify integration

    1. Configure Okta authentication

    This section describes the user provisioning method: adding a SAML application in Okta, adding the users who will be integrated with NAVER Cloud Platform accounts, and configuring the settings required for authentication.

    Note

    The steps in Configure Okta authentication assume that authentication information is sent without a signature. To send authentication information signed with a certificate, see Requests for signature included authentication.

    Create SAML 2.0 application

    The following shows how to add a SAML 2.0 application in Okta.

    Note

    This guide covers the user attributes primarily used in authentication: FirstName, LastName, and Email.

    1. Log in to Okta.

    2. Click Applications > Applications, in that order, then click the [Create App Integration] button.

    3. In the Create a new app integration popup, select SAML 2.0 and then click the [Next] button.

    4. Enter the app name in the App name field and then click the [Next] button.

    5. Enter the information in the General area.

    6. Click the [Show Advanced Setting] button in the General area.

    7. Change the Authentication context class to Password.

    8. In the Attribute Statements area, configure the attributes to be transferred from Okta to NAVER Cloud Platform as follows:
      [Image: sso-okta.png.png]

      Note

      The "Name" value set here is the value to enter in External IdP Parameter when configuring the Attribute Mapper in the user profile management of the Ncloud Single Sign-On service.

    9. Once the settings are complete, click the [Next] button.

    10. Select I'm a software vendor. I'd like to integrate my app with Okta, and then click the [Finish] button.

    Copy SAML integration information

    To integrate Ncloud Single Sign-On service and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.

    The following describes how to confirm the ACS URL and Issuer URL of NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. Copy the following information from the External IdP Metadata section in the Tenant menu.
      • Assertion Consumer Service (ACS) URL
      • Issuer URL

    Assign user to application

    The following describes how to assign a user to the application.

    1. Access Okta Developer and then log in.
    2. Click the Directory > People menu at the left side of the page.
    3. Click on the user name.
    4. In the [Applications] tab, click on the [Assign Applications] button.
    5. Click the [Assign] button at the right side of the application.
    6. Click the [Save and Go Back] button.

    2. Copy Okta metadata

    The following describes how to copy Okta metadata.

    1. Access Okta Developer and then log in.
    2. Click the Applications > Applications menu at the left side of the page.
    3. Click on the application.
    4. Click the [Sign On] tab.
    5. Click on the [Copy] button in the Metadata URL section.
    6. Enter the metadata URL in the web browser's address bar and then access it.
    7. Copy the displayed content.

    3. Register external IdP information on NAVER Cloud Platform

    The following describes how to register Okta metadata on NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. In the Tenant menu, click the [Register External IdP] button.
    4. In the Metadata section, paste the metadata information copied in Copy Okta metadata, then click the [Save] button.
      • The sub-information will be entered automatically.
    5. Click the [Register] button.

    4. Configure NAVER Cloud Platform authentication

    This section describes how to register the Okta account to be integrated as a user in Ncloud Single Sign-On and map user profiles.

    Add SSO User

    You need to create an SSO User in the Ncloud Single Sign-On service using the email information of the user created in Okta.
    The following describes how to add an SSO User in the Ncloud Single Sign-On service.

    1. Click Services > Management & Governance > Ncloud Single Sign-On menus, in that order.
    2. Click External IdP login > Users > [Create User] button.
    3. Enter the email address of the user created in Okta in login ID, then click the [Create] button.

    Note

    For how to create an SSO User in Ncloud Single Sign-On service, see Users.

    Configure Attribute Mapper in NAVER Cloud Platform

    The following shows how to link user attribute information set in Okta to user attribute information of Ncloud Single Sign-On service.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On menus, in that order.
    3. Click the Tenant menu.
    4. Click the [Attribute Mapper] button.
    5. When the Attribute Mapper page appears, enter the content registered in Create SAML 2.0 application in External IdP Parameter.
    6. In Sync mode, set the user profile update method.
      • None: the user profile is not updated.
      • Import: the user profile is updated only upon first login.
      • Force: the user profile is updated at every login.
    7. Click the [Save] button.

    5. Verify integration

    The following describes how to verify that the Okta account and NAVER Cloud Platform account are integrated.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. Copy the Login URL from the Tenant menu, then access the URL.
      • The SSO role switch page will appear.
    4. Click the [Console access] or [API access] button on the SSO role switch page.
      • Depending on the access type set for the logged-in SSO User, the [Console access] or [API Gateway access] button will appear.
    5. Click Services > Management & Governance > Ncloud Single Sign-On menus, in that order.
    6. Click the External IdP login > User menus, in that order.
    7. Click the [Profile] tab in the detailed information page of the logged-in SSO User, then check if the user profile has been updated.

    Requests for signature included authentication

    This section describes how to send authentication requests that include a signature. The SP can send authentication information to the IdP without signing it, but it can also sign its requests with the SP's private key. The IdP verifies the signature using the SP certificate registered with it and thereby validates that the request was indeed sent by that SP.

    1. Create certificate files through service provider metadata

    The following describes how to generate certificate files utilizing the service provider metadata of NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. In the External IdP login area of the Tenant menu, click the Service Provider Metadata button.
    4. Copy the value between the <ds:X509Certificate> and </ds:X509Certificate> tags.
      [Image: sso-okta_spmetadata_en.png]
    5. Create a certificate file using the copied information.
      • The file should be created with a *.pem extension.
      • When creating the file, put "-----BEGIN CERTIFICATE-----" on the line before the copied certificate data and "-----END CERTIFICATE-----" on the line after it.
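
Steps 4 and 5 can be scripted to avoid copy-and-paste errors such as stray whitespace or a truncated value. The following is an added example, not code from NAVER Cloud Platform or Okta: it extracts the certificate from service provider metadata, validates the base64, and writes a *.pem file. The function names, the output file name and the sample metadata (placeholder entity ID and certificate bytes) are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: placeholder entityID, and bytes that are NOT a real certificate.
FAKE_DER = bytes(range(200))
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/placeholder-issuer">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>
        {base64.b64encode(FAKE_DER).decode()}
      </ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_metadata_to_pem(xml_text):
    """Return (pem_text, sha256_hex) for the first <ds:X509Certificate> in SP metadata."""
    node = ET.fromstring(xml_text).find(f".//{DS}X509Certificate")
    if node is None or not (node.text or "").strip():
        raise ValueError("no <ds:X509Certificate> value found in the metadata")
    b64 = "".join(node.text.split())            # drop line breaks and indentation
    der = base64.b64decode(b64, validate=True)  # rejects stray non-base64 characters
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))  # 64-character lines
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return pem, hashlib.sha256(der).hexdigest()

def write_pem(xml_text, path="sp-signing-cert.pem"):
    """Write the PEM file and return the certificate's SHA-256 fingerprint."""
    pem, fingerprint = sp_metadata_to_pem(xml_text)
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write(pem)
    return fingerprint

if __name__ == "__main__":
    pem_text, fp = sp_metadata_to_pem(SAMPLE_SP_METADATA)
    print(pem_text + "SHA-256: " + fp)
```

For a file produced from real metadata, `openssl x509 -in sp-signing-cert.pem -noout -fingerprint -sha256` should report the same digest (printed in colon-separated form).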

    2. Set SAML

    The following describes how to change the SAML settings in Okta.

    1. Access Okta Developer and then log in.
    2. Click the Applications > Applications menu at the left side of the page.
    3. Click on the application.
    4. In the [General] tab, click the [Edit] button in the SAML Settings area.
    5. When the first page appears, click the [Next] button without making any settings.
    6. When the second page appears, click the Show Advanced Settings button.
    7. Upload the certificate file in the Signature Certificate section.
    8. Mark the checkbox of Signed Requests, and then click the [Next] button.
    9. Click the [Finish] button.

    3. Edit external IdP information in NAVER Cloud Platform

    The following describes how to edit external IdP information on NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. In the Tenant menu, click the [Edit External IdP] button.
    4. Enable AuthnRequest Signed.
    5. Select the desired signature algorithm in the Sign Request Algorithm.
    6. When you are done editing, click the [Edit] button.
    7. Copy the Login URL from the Tenant menu.
    8. Enter it into the web browser's address bar and log in.
