Authenticate to H2O Managed Cloud using Okta

This tutorial guides you through the process of configuring Okta as an identity provider (IdP) for your H2O Managed Cloud environment. This enables your users to log in to H2O Managed Cloud through Okta.

Create a new SAML application

  1. Log in to your Okta admin console.

  2. Expand the Applications section on the left-navigation pane and select Applications.

  3. Click Create App Integration and select SAML 2.0. Then, click Next.

  4. Under General Settings, enter a suitable name for your application as the App Name. Then, click Next.

    Optionally, you can also fill in the other settings here, such as the application logo and visibility.

  5. Enter the following SAML settings.

    [Screenshot: okta-saml-settings]

  6. Add the following attribute mappings under Attribute Statements and click Next.

    Name       Name Format   Value
    firstName  Unspecified   user.firstName
    lastName   Unspecified   user.lastName
    email      Unspecified   user.email

  7. Select I'm an Okta customer adding an internal app and click Finish.

Get the SAML setup details

  1. On the Sign On tab of your application, click the View SAML setup instructions button found on the right side of the screen.

  2. You will be redirected to a screen with setup instructions. Make a note of the Identity Provider Single Sign-On URL and the Identity Provider Issuer. You will need these values later.

  3. Click the Download Certificate button found under the third step.

  4. Convert the certificate to a .pem file by navigating to the location of the downloaded .cert file on your machine and running the following command.

    openssl x509 -in okta.cert -out example.pem -outform PEM

  5. Send the Identity Provider Single Sign-On URL value, Identity Provider Issuer value, and the .pem file to H2O. You will then receive information and a certificate from H2O.
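
Before sending the .pem file, it is worth confirming that it holds only the public certificate, parses cleanly, and is not close to expiry. The following shell function is an added example, not part of the H2O or Okta documentation; the function name, exit codes, and 30-day default are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check the converted IdP certificate before sending it.
# The function name, exit codes and 30-day default are assumptions.

# Usage: check_idp_cert FILE [MIN_DAYS]
check_idp_cert() {
    cert=$1
    min_days=${2:-30}

    # The file handed to the service provider must hold the public
    # certificate only, never key material.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
        echo "refusing: $cert contains a private key" >&2
        return 2
    fi

    # Parse only; fails when openssl cannot read the file as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "not a readable X.509 certificate: $cert" >&2
        return 3
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "certificate expires within $min_days days: $cert" >&2
        return 4
    fi

    # Details the recipient can compare against the file they receive.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}

# Run as a script: sh check_idp_cert.sh example.pem
if [ "$#" -gt 0 ]; then
    check_idp_cert "$@"
fi
```

Sharing the printed SHA-256 fingerprint over a separate channel lets the recipient confirm that the file they received is the one you exported.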

Set up SAML authentication

  1. Expand the Applications section on the left-navigation pane of the Okta admin console, and select Applications.

  2. Find and click on the SAML application you created previously.

  3. Navigate to the General tab and click Edit under SAML Settings.

  4. Click Next to move to the Configure SAML tab and enter the Single sign-on URL and Audience URI (SP Entity ID) values you received from H2O.

  5. Click Show Advanced Settings.

  6. Locate the Signature Certificate field and click Browse Files. Upload the certificate you received from H2O.

  7. Click Next, and then click Finish.

You have now configured H2O Managed Cloud to trust Okta as an IdP. You can navigate to the Assignments tab of your SAML application on Okta, and assign users to the application. This will enable the assigned users to log in to H2O Managed Cloud using their Okta credentials.
