Privacera Documentation

Set up portal SSO for Privacera Platform with Okta using SAML

Privacera works with Okta's Security Assertion Markup Language (SAML) interface to provide SSO login to the Privacera portal through Okta.

Integration with Okta begins with configuration steps in the Okta administrator console. These steps also generate a Privacera portal account-specific identity_provider_metadata.xml file and an Identity Provider URL that are used during configuration.

Prerequisites

To configure SSO with Okta, you need to configure and enable SSL for the Privacera Portal. See Enable CA-signed certificates on Privacera Platform or Enable self-signed certificates on Privacera Platform.

Ensure that the following prerequisites are met:

Procedure
  1. SSH to the instance where Privacera is installed.

  2. Run the following commands:

    cd ~/privacera/privacera-manager/
    cp config/sample-vars/vars.portal.saml.aad.yml config/custom-vars/

  3. Edit the vars.portal.saml.aad.yml file.

    vi config/custom-vars/vars.portal.saml.aad.yml

  4. Modify SAML_ENTITY_ID and assign the value for Entity ID. For property details and description, see Portal SSO SAML configuration properties.

    SAML_ENTITY_ID: "privacera-portal"
    SAML_BASE_URL: "https://{{app_hostname}}:6868"
    PORTAL_UI_SSO_ENABLE: "true"
    PORTAL_UI_SSO_URL: "saml/login"
    PORTAL_UI_SSO_BUTTON_LABEL: "Azure AD Login"
    AAD_SSO_ENABLE: "true"

  5. Rename your downloaded Federation Metadata XML file as privacera-portal-aad-saml.xml. Copy this file to the ~/privacera/privacera-manager/ansible/privacera-docker/roles/templates/custom folder.

  6. Run the following commands:

    cd ~/privacera/privacera-manager/
    ./privacera-manager.sh update

  7. If you are configuring SSL in an Azure Kubernetes environment, run the following command:

    ./privacera-manager.sh restart portal

You will now see an Okta Login button on the Privacera portal login page.

Portal SSO SAML configuration properties

| Property | Description | Example |
|---|---|---|
| AAD_SSO_ENABLE | Enabled by default. | |
| SAML_ENTITY_ID | Get the value from the Prerequisites section. | privacera-portal |
| SAML_BASE_URL | | https://{{app_hostname}}:6868 |
| PORTAL_UI_SSO_BUTTON_LABEL | | Azure AD Login |
| PORTAL_UI_SSO_URL | | saml/login |
| SAML_GLOBAL_LOGOUT | Enabled by default. The global logout for SAML is enabled. Once a logout is initiated, all the sessions you've accessed from the browser are terminated from the Identity Provider (IDP). | |
| META_DATA_XML | Browse and select the Federation Metadata XML, which you downloaded in the Prerequisites section. | |

Set custom values for SAML assertion attributes

The following assertion attributes are configured with default pre-defined values:

  • Email

  • Username

  • Firstname

  • Lastname

You can customize the values for these assertion attributes. To do so, follow these steps:

  1. Run the following commands:

    cd ~/privacera/privacera-manager/
    cp config/sample-vars/vars.portal.yml config/custom-vars/
    vi config/custom-vars/vars.portal.yml

  2. Add the following properties and assign your values. For more information on custom properties and their values, see Custom Privacera Platform portal properties.

    SAML_EMAIL_ATTRIBUTE: ""
    SAML_USERNAME_ATTRIBUTE: ""
    SAML_LASTNAME_ATTRIBUTE: ""
    SAML_FIRSTNAME_ATTRIBUTE: ""

  3. Add the properties in the YAML file configured in the Configuration above, then run the following commands:

    cd ~/privacera/privacera-manager/
    ./privacera-manager.sh update