Aerobase with Okta SAML Provider
Okta is an identity platform that digital businesses can use to simplify authentication and authorization for service providers, identity providers, and users. It lets users sign in to multiple websites and applications with one set of credentials. To integrate Aerobase with the Okta Security Assertion Markup Language (SAML) provider, Aerobase and Okta need to be configured in parallel.
To test the Okta identity provider, you will need to register your own trial Okta organization here.
To do so, you need to:
- Add a SAML provider in Aerobase
- Add a SAML application in Okta
- Import the SAML application metadata into the provider

To add a SAML identity provider in Aerobase:
- Access the Aerobase Admin page, using the URL http://[FQDN or IP]/auth/admin/kryon/console/#/realms/kryon.
- Go to Identity Providers (under Configure on the left pane).
- Select the SAML v2.0 provider from the list of providers.
Aerobase SAML Identity Providers documentation is here.
Configure SAML identity provider in Aerobase
To configure a SAML identity provider in Aerobase:
Copy the Redirect URI, and keep this window open for now.
- In the Aerobase Admin page, go to Identity providers (under Configure on the left pane).
- Under Add Identity Provider, provide the alias.
Note: The alias is part of the Redirect URI.

To add a SAML application in Okta:
- Sign in to your Okta application and go to the Admin Panel.
- Under Applications in the Admin Console, select Create a New Application Integration.
- Select SAML 2.0 from the Sign on method options.
- Click Create.
- In the General Settings, provide the application name.
- Click Next.
- Copy Aerobase’s Redirect URI to Single sign on URL and Audience URI (SP Entity ID) settings.
- Configure the App type and click Finish.
Copy the metadata link
Now that the application is added to Okta, we need to copy the Identity Provider metadata link under Sign on Settings and import it into Aerobase.
You need to assign people to the application (see below).

To Import Okta SAML metadata into Aerobase:
- In Aerobase, go to Import (under Manage on the left pane).
- Paste the metadata link into the Import from URL area.
- Click Import and Save.
Disable the email verification option:
In Aerobase, go to Authentication (under Configure), click the Required Actions tab, and deselect Enable for Verify Email.

Define Okta user groups. Each user group represents a particular user role in the Nintex system.
To add user groups:
- In the Okta application Admin Panel, go to Groups (under Directory on the left pane).
- Click Add Group.
- Add these groups by typing into the text box:
  - studio-developer
  - admin-access
  - admin-catalog
  - admin-license
  - admin-permissions
- Click on an added group, and select the Apps tab to link each created group to the Okta application (groups created above).
- Click KryonTestPD.
To create Okta user accounts and link them to the appropriate groups (roles):
To check, you can go to Directory > People > Person and Username to make sure you can see your newly-added user.
- In the Okta application, go to People (under Directory on the left pane).
- Click Add person.
  - Select User as the User type.
  - Username/Primary email can be the same.
  - Select Set by admin for Password.
  - Enter Password: Nintex123456!
- Click Save.
Next Steps:
Follow these instructions: