Okta SSO on Privado Cloud

Configure your Privado cloud account for Okta Single Sign-On

Written by Nikhil Kukade
Updated over a week ago

To set up Okta integration on Privado Cloud, first you'll need to create an Okta application, then you can set up login with Okta in the Privado app.

Follow along with the video below, or follow the steps below it.

Create Okta Application Integration

  1. Ensure that you have an admin role in Okta.

  2. Access your Okta domain (e.g., https://trial-5760180.okta.com/).

  3. Navigate to the Admin Panel.

  4. Expand the side panel and select Applications.

  5. Click on the Child Applications link.

  6. Choose Create App Integration.

  7. Select "OIDC - OpenID Connect" as the integration type.

  8. Choose "Web Application" and click Next.

  9. Provide "Privado" as the Application Name.

  10. In the Grant type section, check the refresh token field along with the default checked Authorization code.

  11. Enter https://code.privado.ai/login in the Sign-out redirect URIs input.

  12. Scroll to the bottom and select Allow everyone in your organization to access in the Controlled access field. Enable immediate access with Federation Broker Mode will be selected by default.

  13. Click on save.

  14. Copy the Client ID and Client Secret from the General Tab of the newly created application.

  15. Go to the Sign On tab.

  16. Edit the OpenID Connect ID Token section and change the "Issuer" from dynamic to your Okta domain. Save the details.

  17. Copy the URL from the issuer field (e.g., https://trial-5760180.okta.com).

  18. Navigate to the Okta API Scopes tab.

  19. Search for okta.myAccount.profile.read in the list and click on grant.

  20. Change the filter on the left section to "Granter" and select okta.myAccount.profile.read.

JIT Provisioning with Okta

  1. Create Groups for Privado and assign those groups to your employees

    1. Privado-SuperAdmin. Privado-Admin, Privado-Developer, Privado-Member

  2. Go to the application created above to allow groups via token

  3. Go to Sign On tab and edit “OpenID Connect ID Token” Section

  4. Add a groups claim filter with the condition that groups start with 'Privado.' This ensures that we only retrieve groups relevant to 'Privado' and exclude any internal roles. (We are assuming you are creating step 1 with Privado prefix otherwise this logic needs to be tweaked accordingly)

  5. Click on Save

  6. Login to the Privado dashboard, navigate to settings and roles here.

If we have access to pull groups, you will be able to see them here and map them with the 'Privado' role. If you don't have access to pull groups, you can manually add groups in the text area, which will be shown instead of a dropdown.

Your setup with Okta is complete, and you can log in via Okta using JIT provisioning or inviting users via email.

Did this answer your question?