How to Configure Okta in Nodegrid

How to Configure Okta in Nodegrid

How to configure Single Sign-On authentication in Nodegrid using Okta


This document will guide the configuration required in Nodegrid, and Okta.

Nodegrid currently supports SP-Initiated SSO, and IdP-Initiated SSO.

Create the Nodegrid Application in Okta

  1. Log on to the Okta Admin Panel and navigate to Applications.
  2. Click Add Application, then click on Create New App. See SAML Application Setup (https://developer.okta.com/docs/guides/saml-application-setup/overview/) for help.
  3. Select Web as the Platform and SAML 2.0 as the Sign on method. Click Create.
  4. Enter an App name, then click Next.
  5. Fill out the following fields:
  1. Single sign on URL: https://<IP>/saml/2-0/<IdP Name>
  1.  IP: Insert Nodegrid’s IP
  2.  IdP Name: Has to be the same as the Name field in Nodegrid
  1. Audience URI (SP Entity ID): Must be the same as the Entity ID field from the Nodegrid’s configuration
  2. Default RelayState: Leave it blank
  3. Name ID format: Select Unspecified
  4. Application username: Select Okta username prefix
  5. Update application username on: Select Create and Update
  1. To enable Group Mapping, under GROUP ATTRIBUTE STATEMENTS:
  1. Name: memberOf. Name format: Unspecified.
  2. Filter: Starts with sso_. (This will only get groups that start with prefix: sso_).
  1. Click Next.
  2. Select I’m an Okta customer adding an internal app. Check the This is an internal app that we have created box. Click Finish
  3. Under Assignments, click on Assign, and choose what users or groups are going to have access to this App.
  4. Under Sign On, click on View Setup Instructions.


  1. Scroll down, and copy the xml data, and paste it to an XML file, or download the certificate, and copy the fields into Nodegrid.


Nodegrid Setup: Web Interface

  1. Login as admin in the Nodegrid Web Interface 
  2. Click on the 'Security' icon, then 'Authentication' tab 
  3. Click on 'SSO' tab
  4. If you copied Okta’s XML metadata and pasted it to an XML file, click on the 'Import Metadata' button. If you only downloaded the certificate, click on 'Add'.
  5. Fill out all fields:
  1. Name: Name of Identity Provider
  2. Status: Status of Identity Provider
  1. Only one Identity Provider can be enabled at a time
  1. SSO URL:  Copy the SSO URL from the Okta Admin dashboard
  2. Entity ID:  Unique ID of Service Provider
  3. Issuer: Copy the Entity ID from the Okta Admin dashboard
  4. x.509 Certificate: Upload okta.crt (Nodegrid does not accept .cert files) that was downloaded from Okta Admin dashboard. 
  5. Icon: Choose an icon that will show on login page
  1. After entering all the required information click Save.
  2. This is an example of a valid configuration:




Nodegrid Group Setup: Web Interface

If group mapping is enabled in Okta, then the groups must also exist in Nodegrid. Here are the steps to create a group in Nodegrid:

  1. Login as admin in the Nodegrid Web Interface 
  2. Click on the 'Security' icon, then 'Authorization' tab
  3. Add group (Name must match group name in Okta)
  4. Click on the newly added group, go to Profile tab
  5. Under System Permissions, add permissions for the group. 


Verify SSO

  1. Go to your Nodegrid
  2. On the login page, there should be a Login with button with the Identity Provider's chosen icon
  3. Click on the button
  4. This redirects you to Okta’s login page
  5. Enter your primary directory logon information
  6. Pass Okta’s two-factor authentication
  7. Get redirected back to Nodegrid after authenticating





    • Related Articles

    • Single Sign-On (SSO)

      What is Single Sign-on? Single Sign-on (SSO) enables users to authenticate with multiple applications using only one set of credentials. After the first authentication, users are then signed in to other applications automatically. With SSO, users ...
    • How to Configure Nodegrid Serial Ports

      To configure the serial ports of your Nodegrid Serial Console, follow the guideline steps below.   WebUI Log in as admin to the Nodegrid Serial Console Web interface. Go to Managed Devices page. Select the serial ports you want to configure, or check ...
    • How to Configure Active Directory or LDAP Authentication Provider

      Version 0.1 (08 May 2018) Overview NodeGrid supports the authentication and authorization of users through different authentication providers, like LDAP. This guide will look at the different authentication options which are available with LDAP or AD ...
    • Nodegrid Manager Installation in ESXi 6

      Nodegrid Manager software is installed from an ISO file. The installation procedure is a three-stage process:  Creating a virtual machine; Booting from the ISO file in order to install the software; Restarting and booting from the newly created ...
    • Nodegrid Manager Installation in ESXi 5

      Nodegrid Manager software is installed from an ISO file. The installation procedure is a three-stage process:  Creating a virtual machine; Booting from the ISO file in order to install the software; Restarting and booting from the newly created ...