Okta

Keeper Connection Manager SAML configuration with Okta

Okta Configuration

The first step regardless of installation method is to configure your SAML 2.0 identity provider using Okta.

(1) In Okta, go to Admin > Applications > Create App Integration and select SAML 2.0. Click Next.

Create a new app integration

(2) Give the Enterprise Application a name and upload the logo file linked below then click Next.

The image logo is here:

7KB
kcm-logo-420x120.png
image

(3) Configure the SAML Settings

The SAML configuration should match the format as seen below:

  • Replace demo3.lurey.com with the URL of your Keeper Connection Manager domain.

  • Ensure the full path appears, e.g. https://DOMAIN/api/ext/saml/callback

  • For the Audience URI, use the path to the Login screen (remove the trailing slash). For example, https://demo3.lurey.com

SAML Settings

Scroll down to the Group Attribute Statements. To send the group attribute, set the name to "groups", and the name format to "Basic". If you would like ALL groups assigned to the user to be sent to Keeper Connection Manager, select the "Matches regex" with a value of ".*"

Click Next.

(4) In the Feedback section, make the selections as appears below.

Okta Group to Keeper Connection Manager Group mapping is through the Group Name. If the Keeper Connection Manager contains a Group that has the name corresponding to the Okta Group Name, the user will receive all Keeper connections assigned to that user group.

(5) Assign users and/or groups to the Keeper Connection Manager application, as you would normally do with any SAML connected app.

Assign Permissions to Keeper Connection Manager

(6) Download the Okta Metadata file and save to your local machine as metadata.xml

The location of the metadata file depends on your version of the Okta interface. In this example there is a link called "Identity Provider metadata" on the application page. There may also be a text box that contains the metadata which you can copy and paste into a local file on your computer.

The metadata XML file could also be linked in the Sign On tab > SAML Signing Certificate section under "Actions".

Save the resulting metadata.xml file by selecting "Save page as..." in your browser.

Save metadata.xml

The Okta side of the setup is complete. Note if you change anything, you need to re-download a new metadata.xml file. Transfer this metadata.xml file to your KCM server machine.

Last updated