Okta is a popular identity management product that can be integrated with Wavefront to enable single sign-on.
Step 1. Create the Wavefront Application in Okta
Note: Steps 1 - 12 are only required if the Wavefront application is not present in Okta. Otherwise, proceed to step 13 to copy and paste the metadata.
- In Okta, click Add Applications.
- Click Create New App.
- In the Create a New Application dialog, select SAML 2.0 and click Create.
- In the App name field, type Wavefront.
Right-click and save the Wavefront logo:
- In the App logo field, browse to the logo file and click Upload Logo.
- Click Next.
- Enter the following SAML settings:
  - Single sign on URL - https://YOUR_CLUSTER.wavefront.com/api/saml/login
  - Use this for Recipient URL and Destination URL - Checked
  - Audience URI (SP Entity ID) - https://YOUR_CLUSTER.wavefront.com
  - Default RelayState - <LEAVE BLANK>
  - Name ID Format - EmailAddress
  - Application username - Email
- Click Next.
- In the Are you customer or partner? field, select I’m an Okta customer adding an internal app.
- In the App type field, select This is an internal app that we have created.
- Click Finish.
In the application Sign On tab, click View Setup Instructions and click the Identity Provider metadata link to copy and paste the metadata.
Step 2. Send Identity Provider Metadata to Wavefront
Wavefront version 2020.30 and earlier
- Send the link to firstname.lastname@example.org with a request to set up Okta integration for Wavefront. We’ll notify you as soon as we’ve done this. From that point on, users authenticate to Wavefront through Okta instead of using a password. Any new user who does not yet exist in Wavefront is auto-created on the Wavefront side on first authentication.
Wavefront version 2020.34 and later
- Log in to Wavefront with a user account for which SAML IDP Admin permission is enabled.
- Click the gear icon in the top-right corner and navigate to Self Service SAML.
- Select Okta as the Identity Provider from the list.
- Copy the downloaded metadata from Step 2 into the Configure Connection text box.
- Click Test to test the validity of the metadata. A new browser window opens with the Okta login page.
Note: The Save button is disabled until you’ve completed a test successfully.
- Log in to Okta. After the login is successful, click Save.
Going forward, users who attempt to log in to Wavefront are redirected to Okta. If a user can authenticate to Okta but is not currently a Wavefront user, that user is auto-created on the Wavefront side. Password authentication is no longer supported.