• Buy Now
    • Rackspace Cloud
    • Email & Apps
    • Fanatical Support for AWS
    • Managed Google Cloud Platform
    • Office 365
  • Log In
    • MyRackspace Portal
    • Cloud Control Panel
    • Rackspace Webmail Login
    • Cloud Office Control Panel
  • Rackspace Logo
  • Developer Home
  • Developer Documentation
  • Blogs ▼
    • Technical Blog
    • Rackspace Blog
    • Solve: Thought Leadership
  • Support Documentation

Developer Docs


Let’s Build Something Powerful Together!

End-to-End Multicloud Solutions.   Solving Together.™   Learn more at Rackspace.com

Submit an issue
  • Rackspace Identity Federation Guide
  • Overview
    • Features
    • Compatibility
    • Dedicated hosting
  • Getting started
    • Prerequisites
    • Summary of steps
      • Add Rackspace Federation to your identity provider
      • Add an Identity Provider
      • Configure the Attribute Mapping Policy
      • Log in
    • Concepts
  • Configure Third-Party SAML providers
    • Active Directory Federation Services
      • Configure ADFS
      • Attribute mapping for ADFS
    • Okta
      • Prerequisites
      • Configure Rackspace Federation at Okta
      • Okta metadata
      • Next steps
      • Optional settings
      • Attribute mapping for Okta
      • Mapping Okta groups to Rackspace
      • Mapping Rackspace permissions to Okta groups
      • Attribute policy mapping example
    • Other SAML providers
      • SAML configuration items
      • SAML attribute mapping
  • Configure Attribute Mapping
    • Required SAML attributes and mapping example
      • Required values
      • Setting values with Attribute Mapping
      • Example policy with required attributes
    • Assigning Rackspace permissions
      • Basic example
      • Permissions by groups
    • Permissions by groups example - Cloud
    • Permissions by groups example - Dedicated Hosting
    • Assigning Fanatical Support for AWS Permissions
      • Fanatical support for AWS permissions
      • AWS console and API permissions
      • AWS account creator permissions
      • Complete mapping policy example
    • Rackspace Cloud roles reference
  • Manage Identity Providers
    • Basic tasks
    • Update metadata and certificates
    • Update the Attribute Mapping Policy
  • Get support
    • Troubleshooting
      • Need to save a SAML response in the Chrome browser
      • Problems creating an Identity Provider
      • Problems logging in
      • Problems with roles or access
      • Other issues or questions
    • Get Rackspace support
  • Appendix: Attribute Mapping Policy Reference
    • Introduction
      • Technology background
      • What is Attribute Mapping?
      • Mapping Policy for Widget.com
    • Attribute mapping basics
      • The SAML assertion
      • Required attributes
      • Mapping attributes
      • Next steps
    • Attribute Mapping Examples
      • Working with defaults
  • Document history and additional information
    • Additional resources
    • Copyright and disclaimer

Prerequisites#

You need the following things to set up Okta:

  • Administrator access to your organization's Okta account.
  • The information at Rackspace Federation configuration details.

Configure Rackspace Federation at Okta#

This section includes instructions that use the Classic UI setting in Okta.

Follow these steps to set up SAML integration with Okta to work with Rackspace Identity Federation:

  1. Log in to your organization's Okta account by using your organization's sign-in page.
  2. Click Applications located on the top ribbon.
  3. On the next screen, click the Add Application button.
  4. Next, click the Create New Application button.
  5. From within the Configure a New Application Integration pop-up window, select Web from the Platform options and SAML 2.0 from the Sign on method options.
X
  1. On the General Settings page, fill in the App name with whatever you want users to see when using the application and then click Next.
  2. Fill in the requested SAML information with the Rackspace Federation configuration details.

The default values are shown in the following list:

Attribute Value
Assertion Consumer Service ("Single Sign On URL") https://login.rackspace.com/federate/acs
EntityID ("Audience") https://login.rackspace.com
Application username Email (recommended)
  1. On the same screen, proceed to the section labeled Attribute Statements and enter the following values:
Name Name format Value
email Unspecified user.email
  1. In the same section, click the Add Another button and enter the following values:
Name Name format Value
expire Unspecified PT4H (user is logged out after four hours). See the expiration section for additional details.
  1. Optionally, you can choose to add groups created in Okta to map to those you plan to map to Rackspace permissions later. Do this by performing the following steps:

    a. In the section Group Attribute Statements (Optional), enter a name for the group attribute statement in the Name field.

    1. Leave Name format set to Unspecified.

    c. Choose a Filter option and enter the necessary details. For example, if you want to include all the user's groups that have the word rackspace in your SAML assertions, add a field with an appropriate name like groups, and select a regex filter with the value .*rackspace.*.

  2. Click Next. You can fill out the next page however you prefer and then click Finish.

You have successfully added Rackspace Federation to your Okta account.

Okta metadata#

Before leaving this page, download your Okta Identity Provider metadata by going to the new SAML application settings and going to the Sign On section. Click the Identity Provider metadata link to download the XML file. This file is necessary to configure your Identity Provider with Rackspace. The file should be metadata.xml.

Note: If the file does not download with the .xml extension, be sure to rename the file with the .xml extension before uploading at Rackspace.

X

Next steps#

After you have added Rackspace Federation as an application at Okta, you should add Okta as an Identity Provider at Rackspace by using one of the following methods:

  • Add an Identity Provider in the Control Panel.
  • Add an Identity Provider in the MyRack Portal.
  • Add an Identity Provider by using the API by providing basic information about the Identity Provider.

Optional settings#

Unless specified in the instructions above, all other Okta settings are optional. For further detail on all Okta SAML configuration options, see the Okta documentation site.

Previous Okta
Next Attribute mapping for Okta
Developer Network
  • Developer Center
  • API Documentation and User Guides
  • SDKs
  • Rackspace How-To
Blogs
  • Technical Blog
  • Rackspace Blog
  • Solve: Thought Leadership
Other Information
  • Customer Stories
  • Events
  • Programs
  • Careers
  • Style Guide for Technical Content
©2020 Rackspace US, Inc.
  • ©2020 Rackspace US, Inc.
  • About Rackspace
  • Privacy Statement
  • Website Terms
  • Trademarks