Single Sign-On (SSO) enables users to authenticate to multiple applications with a single set of credentials.
Nodegrid can also be configured to use Okta SSO in a cluster, so that an Okta user can log in on the coordinator and access the devices connected to any peer within the cluster.
Prerequisites
1. Okta SSO configured in Nodegrid
2. Cluster configured in Nodegrid
Steps to use Okta SSO at cluster level with groups
Okta side:
1. Log in to the Okta admin panel.
2. Navigate to Directory and select People.
Click Add person, enter the user's name and fill in the details.
3. Navigate to Directory and select Groups.
Click Add group, enter the group name (sso_okta in this case) and a description if required.
4. Select the group from the list of groups and click Manage People.
All users are listed on the left and the current members of the group on the right.
Select a user with the '+' sign to add that user to the group.
5. Navigate to Applications and click the Okta application. Select General, go to SAML Settings and click Edit.
6. In Group Attribute Statements, enter these details:
Name - memberOf
Filter - Starts with: sso_
Nodegrid side:
1. Log in as admin on the Nodegrid coordinator.
2. Go to Security::Authorization and add a new group.
The group name must be the same as the Okta group created in the Okta configuration (sso_okta in this case).
This group has to be created on every peer in the cluster, including the coordinator.
3. Give the group the required permissions for accessing devices.
Go to Security::Authorization, select the group, navigate to Profile and set the required permissions.
4. Add devices and set the device permissions for that group (r/w/rw).
Go to Security::Authorization, select the group, navigate to Devices and add the devices that need access.
5. Save the changes.
Now log in to the coordinator using the Okta login option; it asks for the credentials of the Okta user created above.
After login, the Access page lists all peers; select a device connected to a peer to access it.
Try to access the remote devices connected to any peer.
Note: The permissions an Okta user gets depend on the settings in Security::Authorization::<Group_Name>::Profile.
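To make the group mapping concrete, here is an added example (not Nodegrid's or Okta's code) that parses a constructed SAML AttributeStatement carrying the memberOf attribute configured above, keeps only the values matching the sso_ filter, and compares them against the groups configured locally on a given cluster member. It assumes an exact, case-sensitive match between the Okta group name and the Nodegrid group name, and shows why a group missing on one peer yields no permissions there.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of the AttributeStatement Okta emits for the
# Group Attribute Statement "memberOf" with filter "Starts with: sso_".
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>sso_okta</saml:AttributeValue>
      <saml:AttributeValue>sso_network</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def group_values(assertion_xml, attr_name="memberOf"):
    """Return every AttributeValue of the named attribute, in order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            for value in attr.iterfind("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values


def effective_groups(assertion_xml, local_groups, prefix="sso_"):
    """Split the asserted groups into those that map to a locally
    configured group (granted) and those with no local counterpart
    (unmapped, which grant nothing on this member)."""
    claimed = [g for g in group_values(assertion_xml) if g.startswith(prefix)]
    granted = [g for g in claimed if g in local_groups]
    unmapped = [g for g in claimed if g not in local_groups]
    return granted, unmapped


def cluster_report(assertion_xml, members):
    """members: {member_name: set_of_local_group_names}. Returns the
    granted/unmapped split per member so gaps across peers are visible."""
    return {name: effective_groups(assertion_xml, groups) for name, groups in members.items()}


if __name__ == "__main__":
    # Constructed cluster: the coordinator has both groups, peer1 only one.
    members = {"coordinator": {"sso_okta", "sso_network"}, "peer1": {"sso_okta"}}
    for name, (granted, unmapped) in cluster_report(SAMPLE_ASSERTION, members).items():
        print(f"{name}: granted={granted} unmapped={unmapped}")
```

On peer1 the sso_network group is unmapped, so the user holds only the sso_okta profile there until the group is also created on that peer.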