How to Configure Okta in Nodegrid

How to Configure Okta in Nodegrid

How to configure Single Sign-On authentication in Nodegrid using Okta


This document will guide the configuration required in Nodegrid, and Okta.

Nodegrid currently supports SP-Initiated SSO, and IdP-Initiated SSO.

Create the Nodegrid Application in Okta

  1. Log on to the Okta Admin Panel and navigate to Applications.
  2. Click Add Application, then click on Create New App. See SAML Application Setup (https://developer.okta.com/docs/guides/saml-application-setup/overview/) for help.
  3. Select Web as the Platform and SAML 2.0 as the Sign on method. Click Create.
  4. Enter an App name, then click Next.
  5. Fill out the following fields:
  1. Single sign on URL: https://<IP>/saml/2-0/<IdP Name>
  1.  IP: Insert Nodegrid’s IP
  2.  IdP Name: Has to be the same as the Name field in Nodegrid
  1. Audience URI (SP Entity ID): Must be the same as the Entity ID field from the Nodegrid’s configuration
  2. Default RelayState: Leave it blank
  3. Name ID format: Select Unspecified
  4. Application username: Select Okta username prefix
  5. Update application username on: Select Create and Update
  1. To enable Group Mapping, under GROUP ATTRIBUTE STATEMENTS:
  1. Name: memberOf. Name format: Unspecified.
  2. Filter: Starts with sso_. (This will only get groups that start with prefix: sso_).
  1. Click Next.
  2. Select I’m an Okta customer adding an internal app. Check the This is an internal app that we have created box. Click Finish
  3. Under Assignments, click on Assign, and choose what users or groups are going to have access to this App.
  4. Under Sign On, click on View Setup Instructions.


  1. Scroll down, and copy the xml data, and paste it to an XML file, or download the certificate, and copy the fields into Nodegrid.


Nodegrid Setup: Web Interface

  1. Login as admin in the Nodegrid Web Interface 
  2. Click on the 'Security' icon, then 'Authentication' tab 
  3. Click on 'SSO' tab
  4. If you copied Okta’s XML metadata and pasted it to an XML file, click on the 'Import Metadata' button. If you only downloaded the certificate, click on 'Add'.
  5. Fill out all fields:
  1. Name: Name of Identity Provider
  2. Status: Status of Identity Provider
  1. Only one Identity Provider can be enabled at a time
  1. SSO URL:  Copy the SSO URL from the Okta Admin dashboard
  2. Entity ID:  Unique ID of Service Provider
  3. Issuer: Copy the Entity ID from the Okta Admin dashboard
  4. x.509 Certificate: Upload okta.crt (Nodegrid does not accept .cert files) that was downloaded from Okta Admin dashboard. 
  5. Icon: Choose an icon that will show on login page
  1. After entering all the required information click Save.
  2. This is an example of a valid configuration:




Nodegrid Group Setup: Web Interface

If group mapping is enabled in Okta, then the groups must also exist in Nodegrid. Here are the steps to create a group in Nodegrid:

  1. Login as admin in the Nodegrid Web Interface 
  2. Click on the 'Security' icon, then 'Authorization' tab
  3. Add group (Name must match group name in Okta)
  4. Click on the newly added group, go to Profile tab
  5. Under System Permissions, add permissions for the group. 


Verify SSO

  1. Go to your Nodegrid
  2. On the login page, there should be a Login with button with the Identity Provider's chosen icon
  3. Click on the button
  4. This redirects you to Okta’s login page
  5. Enter your primary directory logon information
  6. Pass Okta’s two-factor authentication
  7. Get redirected back to Nodegrid after authenticating





    • Related Articles

    • How to configure Nodegrid for OKTA in cluster

      Single Sign-on (SSO) enables users to authenticate with multiple applications using only one set of credentials. Nodegrid can also be configured for OKTA in cluster so okta user can login in the coordinator and the user can access the connected ...
    • Add Timeout value to OKTA SSO profile

      Nodegrid has default timeout value for all sessions in System::Preferences Session Idle Timeout option. Although, there is a way one can set custom timeout value for service like OKTA. OKTA is a customizable and secure solution to add authentication ...
    • Single Sign-On (SSO)

      What is Single Sign-on? Single Sign-on (SSO) enables users to authenticate with multiple applications using only one set of credentials. After the first authentication, users are then signed in to other applications automatically. With SSO, users ...
    • How to authorize OKTA groups in Nodegrid

      Okta Side: 1. Login to Okta admin panel 2. Navigate to Directory and select People click Add person and enter the name of user and fill the details 3. Navigate to Directory and select Group click Add group and enter the name of group (in my case ...
    • How to Configure Nodegrid Serial Ports

      To configure the serial ports of your Nodegrid Serial Console, follow the guideline steps below.   WebUI Log in as admin to the Nodegrid Serial Console Web interface. Go to Managed Devices page. Select the serial ports you want to configure, or check ...