Prerequisites#
You need the following things to set up Okta:
- Administrator access to your organization's Okta account.
- The information at Rackspace Federation configuration details.
Configure Rackspace Federation at Okta#
This section includes instructions that use the Classic UI setting in Okta.
Follow these steps to set up SAML integration with Okta to work with Rackspace Identity Federation:
- Log in to your organization's Okta account by using your organization's sign-in page.
- Click Applications located on the top ribbon.
- On the next screen, click the Add Application button.
- Next, click the Create New Application button.
- From within the Configure a New Application Integration pop-up window, select Web from the Platform options and SAML 2.0 from the Sign on method options.
- On the General Settings page, fill in the App name with whatever you want users to see when using the application and then click Next.
- Fill in the requested SAML information with the Rackspace Federation configuration details.
The default values are shown in the following list:
| Attribute | Value |
|---|---|
| Assertion Consumer Service ("Single Sign On URL") | https://login.rackspace.com/federate/acs |
| EntityID ("Audience") | https://login.rackspace.com |
| Application username | Email (recommended) |
- On the same screen, proceed to the section labeled Attribute Statements and enter the following values:
| Name | Name format | Value |
|---|---|---|
| Unspecified | user.email |
- In the same section, click the Add Another button and enter the following values:
| Name | Name format | Value |
|---|---|---|
| expire | Unspecified | PT4H (user is logged out after four hours). See the expiration section for additional details. |
Optionally, you can choose to add groups created in Okta to map to those you plan to map to Rackspace permissions later. Do this by performing the following steps:
a. In the section Group Attribute Statements (Optional), enter a name for the group attribute statement in the Name field.
- Leave Name format set to Unspecified.
c. Choose a Filter option and enter the necessary details. For example, if you want to include all the user's groups that have the word
rackspacein your SAML assertions, add a field with an appropriate name likegroups, and select a regex filter with the value.*rackspace.*.Click Next. You can fill out the next page however you prefer and then click Finish.
You have successfully added Rackspace Federation to your Okta account.
Okta metadata#
Before leaving this page, download your Okta Identity Provider metadata by going to the new SAML application settings and going to the Sign On section. Click the Identity Provider metadata link to download the XML file. This file is necessary to configure your Identity Provider with Rackspace. The file should be metadata.xml.
Note: If the file does not download with the .xml extension, be sure to rename the file with the .xml extension before uploading at Rackspace.
Next steps#
After you have added Rackspace Federation as an application at Okta, you should add Okta as an Identity Provider at Rackspace by using one of the following methods:
- Add an Identity Provider in the Control Panel.
- Add an Identity Provider in the MyRack Portal.
- Add an Identity Provider by using the API by providing basic information about the Identity Provider.
Optional settings#
Unless specified in the instructions above, all other Okta settings are optional. For further detail on all Okta SAML configuration options, see the Okta documentation site.