System Settings to Support SSO - Okta
To set up SSO for Okta with File Access Manager, complete the task checklist below. A detailed description of each step follows the checklist.
Task Checklist:
- Website: Log in using the wbxadmin credentials and create a data source for SSO users.
- Admin client: Create an identity collector based on this data source.
- Admin client: Select this identity store as the authentication store.
- Website: Run the Identity Collector task that was recently selected as the authentication store. This will load the Okta users into the database.
- Website: Select SAML login and sign in to the relevant SSO provider.
- You should now be logged into File Access Manager as the SSO provider user.
Detailed Settings
- For the website, create a data source for SSO users.
Note: Log in to File Access Manager for the first time using the wbxadmin credentials.
- Open the website and select Continue with username and password.
Warning: Ensure you use the correct URL. The URL used to log in should match the Redirect URL entered in the Okta application during its creation. If you use HTTPS, both the login link and the Redirect URL in Okta should use HTTPS.
Warning: If you use an IP address instead of the server name, both the login link and the Redirect URL in Okta should be written with the IP address.
- Log in to the system with the wbxadmin username and the password entered during the installation of the system.
- Select Login.
- Navigate to Admin > Data Sources > Add New Data Source.
- Create a data source containing a list of Okta Users that you want to access File Access Manager.
- The data source could be a query from a database table, a local Excel file, or a static table stored in File Access Manager.
- The data source should have a single column containing the user login, such as User Principal Name.
- The users should be assigned to the File Access Manager application in Okta.
- For example, name the data source "OktaUsers" and the column "User Principal Name".
- For the Admin client, create an identity collector based on this data source.
- Navigate to Configuration > Permissions Management > Identity Collectors.
- Select New and select the Data Source-based Identity Collector.
- Enter a name for the collector and uncheck "This application uses Groups".
- Select Next and select the Data Source created in the website.
- Map the User Principal Name to Username.
- Select Next.
- In the Identity Collector Users Collections (3 of 3), uncheck all checkboxes (Users Tree, Unique User Accounts Mapping).
- Select Next.
- Create a scheduler to define the update frequency for reading new users from the Okta data source.
- Select Finish and wait until the task is completed.
- Close the Identity Collector Configuration window.
- Navigate to Configuration > General Configuration > Authentication Store.
- Select the identity collector you created earlier as the current authentication store.
- Select Finish.
- Navigate to Settings > Tasks Management > Scheduled Tasks.
- Run the Identity Synchronization task, which was recently selected as the authentication store.
- On the website, select the SAML login button.
- Sign in to the relevant SSO Provider (Okta in this case).
- If prompted, select Send anyway and sign in for the first time.
You should now be logged into File Access Manager as the Okta user.
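
The two URL warnings in the detailed settings can be checked before the first SAML sign-in. The following is an added example, not part of the File Access Manager or Okta documentation; the host names, IP address and callback path are constructed placeholders, and it compares only scheme, host and port on the assumption that the Redirect URL may carry a path the login link does not.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _is_ip(host):
    """True when the host part is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _origin(url):
    """Normalise a URL to (scheme, host, effective port)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def compare_login_and_redirect(login_url, redirect_url):
    """List mismatches between the login link and the Okta Redirect URL.

    An empty list means scheme, host and port agree. Paths are ignored
    (assumption: the Redirect URL may include a callback path).
    """
    l_scheme, l_host, l_port = _origin(login_url)
    r_scheme, r_host, r_port = _origin(redirect_url)
    problems = []
    if l_scheme != r_scheme:
        problems.append(f"scheme: login uses {l_scheme}, redirect uses {r_scheme}")
    elif l_port != r_port:  # only meaningful once the schemes agree
        problems.append(f"port: login uses {l_port}, redirect uses {r_port}")
    if _is_ip(l_host) != _is_ip(r_host):
        problems.append("ip-vs-name: one URL uses an IP address, the other a server name")
    elif l_host != r_host:
        problems.append(f"host: login uses {l_host}, redirect uses {r_host}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    redirect = "https://fam01.example.com/placeholder-callback"
    for login in ("https://fam01.example.com/", "http://fam01.example.com/",
                  "https://192.0.2.10/"):
        print(login, "->", compare_login_and_redirect(login, redirect) or "consistent")
```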