How to configure Nodegrid for OKTA in cluster

Single Sign-on (SSO) enables users to authenticate with multiple applications using only one set of credentials.

Nodegrid can also be configured for Okta at the cluster level, so that an Okta user can log in to the coordinator and access the devices connected to any peer within the cluster.

Prerequisites
1. Okta SSO configured in Nodegrid
2. Cluster configured in Nodegrid

Steps to use Okta SSO at cluster level with groups

Okta Side:
1. Log in to the Okta admin panel
2. Navigate to Directory and select People
    Click Add person, enter the name of the user and fill in the details
3. Navigate to Directory and select Group
    Click Add group and enter the name of the group (sso_okta in this example) and a description if required
4. Select the group from the list of groups and click Manage People
    All users are listed on the left side and the users in that group on the right side.
    Select a user with the '+' sign to add that user to the group
5. Navigate to Application and click the Okta application. Select General, go to SAML settings and click Edit
6. In Group Attribute Statements, enter these details:
    Name - memberOf
    Filter - Starts with: sso_

Nodegrid Side:
1. Log in as admin to Nodegrid (coordinator)
2. Go to Security::Authorization and add a new group
    The Group Name must be the same as the Okta group created in the Okta configuration (sso_okta in this case).
    This group has to be created on every peer in the cluster, including the coordinator
3. Give that group the permissions required for accessing the device.
    Go to Security::Authorization, select the group, navigate to Profile and set the required permissions
4. Add devices and set the device permissions for that group (r/w/rw)
    Go to Security::Authorization, select the group and navigate to Devices. Add the devices that need access
5. Save the changes.


Now log in to the coordinator using the Okta login option. It will ask for the credentials of the Okta user you created.



After login, the Access page lists all the peers. Select a device connected to a peer to access it.
 

Try to access the remote devices connected to any peer.


Note: The permissions an Okta user sees depend on the settings in Security::Authorization::<Group_Name>::Profile
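A way to check the group mapping described above before rolling it out, as an added example that is not Nodegrid or Okta code: it reads the memberOf values from a SAML assertion and reports which cluster nodes lack a same-named local group. The assertion fragment, the second group sso_netops, the node names and the per-node group inventory are constructed sample data, and exact case-sensitive name matching is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute part of an assertion for a user who belongs to
# two Okta groups that both pass the "Starts with: sso_" filter.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>sso_okta</saml:AttributeValue>
      <saml:AttributeValue>sso_netops</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed inventory: groups present under Security::Authorization per node.
PEER_GROUPS = {
    "coordinator": {"admin", "user", "sso_okta"},
    "peer-1": {"admin", "user", "sso_okta"},
    "peer-2": {"admin", "user"},
}

def asserted_groups(assertion_xml, attr_name="memberOf"):
    """Return the values of the group attribute carried in the assertion."""
    root = ET.fromstring(assertion_xml)  # inspection only, no signature check
    groups = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == attr_name:
            groups += [v.text.strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS) if v.text]
    return groups

def missing_groups(groups, peer_groups):
    """Map each node to the asserted groups it has no same-named local group for."""
    gaps = {}
    for node, local in peer_groups.items():
        absent = [g for g in groups if g not in local]  # exact match (assumption)
        if absent:
            gaps[node] = absent
    return gaps

if __name__ == "__main__":
    groups = asserted_groups(SAMPLE_ASSERTION)
    for node, absent in missing_groups(groups, PEER_GROUPS).items():
        print(f"{node}: no local group for {', '.join(absent)}")
```

The prefix filter sends every Okta group whose name starts with sso_, so a group created later with that prefix is asserted as well. Comparing the asserted list against each peer shows both missing groups and names you did not intend to map.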
