HP Anyware Manager SAML Authentication with Okta
Requirements
- Must have an Okta account
- Must have users in Okta
1. Create an Okta account if you do not have one, or log in to your existing Okta account. You must be logged in as an Okta Admin.
2. On the Okta site, click Applications in the menu bar.
3. Click Add Application.
4. Click Create New App and select SAML 2.0 as the Sign on method.
5. Click Create.
6. Go to https://cam.teradici.com/ and from the account tab click Multi Admin Settings.
7. On the Multi Admin Settings page, click Configuration Info and copy the Assertion Consumer Service URL and Audience URL.
8. Add that information to the Single sign on URL and Audience URL in the Okta SAML Settings page.
9. Set the Name ID format to EmailAddress.
10. Enter the following value: http://schemas.xmlsoap.org/claims/Group in the Group Attribute Statements Name field for your group's name value.
11. Set the filter to Matches regex and enter ".*". This returns all groups the user is a member of.
12. Within Okta, click Next.
13. Click "I'm an Okta customer adding an internal app"
14. Select "This is an internal app that we have created"
15. Click Finish.
16. You are then redirected to the Sign-on tab of the application. Click View Setup Instructions and copy the SSO URL and Certificate information.
17. In the HP Anyware Manager Admin Console, update the SAML Configuration in the IDP Settings tab within the Multi Admin Settings page with the SSO URL and Certificate information you copied.
18. Ensure the configuration is enabled and that each Okta user and/or group has been enabled in the HP Anyware Manager Admin Console. For more information on adding users and groups with HP Anyware Manager Admin Console, see here.
Verify SAML Login Flow
Next, verify that the SAML login flow works correctly.
1. From the application page in Okta, assign imported users or create a new user in Okta to access the application.
2. Open up a new browser window in incognito mode and go to the HP Anyware Manager SAML login URL page within the Multi Admin Settings page.
If Okta has been properly configured, the Direct login via identity provider will redirect you to Okta where you can authenticate with any of the configured users in Okta.
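The settings from steps 9 to 12 and 18 can also be checked against a decoded SAML assertion captured during the test login. The following is an added example, not HP or Okta code: check_assertion is a hypothetical helper, and the sample assertion, its audience URL, user and group names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # step 10
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # step 9

# Constructed sample assertion; the audience, user and groups are placeholders.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="{EMAIL_FORMAT}">admin@example.com</saml:NameID>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://sp.example.com/audience</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="{GROUP_ATTR}">
   <saml:AttributeValue>AnywareAdmins</saml:AttributeValue>
   <saml:AttributeValue>Everyone</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def text_of(elements):
    """Stripped text of each element, skipping empty ones."""
    return [e.text.strip() for e in elements if e.text and e.text.strip()]

def check_assertion(xml_text, audience_url, enabled_groups):
    """Findings for a decoded assertion from a test login (diagnostic only:
    the XML signature is not verified, so never use this to authenticate)."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(f".//{SAML}NameID")
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not EmailAddress")
    if audience_url not in text_of(root.iter(f"{SAML}Audience")):
        findings.append("Audience does not match the configured Audience URL")
    groups = [g for a in root.iter(f"{SAML}Attribute")
              if a.get("Name") == GROUP_ATTR
              for g in text_of(a.iter(f"{SAML}AttributeValue"))]
    if not set(groups) & set(enabled_groups):
        findings.append("no enabled group in the group attribute")
    # The ".*" filter sends every group; list those not enabled in the console.
    for extra in sorted(set(groups) - set(enabled_groups)):
        findings.append(f"group sent but not enabled: {extra}")
    return findings
```

An empty result means the NameID format, audience and group attribute match the configuration; "group sent but not enabled" entries show which memberships the ".*" filter discloses beyond the groups enabled in the Admin Console.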