NSX Advanced Load Balancer as SP and Okta as IdP

The sequence of events from the user access request is illustrated here:

Configuring Okta as IdP

1. Login to the Okta developer account with admin access and click the Applications dropdown.

2. Select Applications and click Create App Integration.

3. Click SAML 2.0 to connect Okta with the SAML application and click Next.
   
   

4. Enter the App name. Click Next,

5. In SAML Settings, provide the SSO URL in the format https://SPresource/sso/acs/, for example, https://sales.avi.com/sso/acs/ and the Audience URI must be same as Entity ID. Click Next.

   
   
   
   Note:

   The trailing slash (/) after acs is mandatory.

   Ensure that the SSO URL and Entity ID are the same in the IDP configuration and NSX Advanced Load Balancer configuration.

6. Configure the optional settings, as required and click Next,
   
   

7. Choose the relevant options in the n

8. Click Finish.

Configuring Metadata

Under the Sign on tab, the metadata details are available.

Copy theMetadata URL and paste it as IDP Metadata URL in the SAML auth Profile in NSX Advanced Load Balancer.

Alternatively, copy the Metadata URL to your browser to access the metadata file. Copy the metadata and paste it as IDP Metadata in the SAML auth profile in NSX Advanced Load Balancer.

Assign the Apps to Users

To assign the apps to the local users, groups, or AD users,

1. Click the Assignments tab.

2. Click the Assign dropdown and select Assign to People or Assign to Groups, as required. In this example. Assign to People is selected.

3. To assign to a specific user, search for the user and click Assign.

4. Click Done.

This completes the process of creating an application on Okta.

Once configuration is complete on Okta, configure an NSX Advanced Load Balancer virtual service to act as service provider. For more information, see SAML Configuration on NSX Advanced Load Balancer.