Avi Vantage Integration with Okta

Support for Security Assertion Markup Language (SAML), available starting with release 18.2.2, relies on an Avi virtual service's ability to act as a service provider (SP). In this role, the Avi virtual service sends authentication requests to an identity provider (IDP), and the IDP's responses govern user access to back-end applications running in Avi pools. Avi Networks has implemented multiple third-party integrations to give customers a choice of IDP. This article outlines the steps necessary to enable Okta as the IDP.

Avi as SP and Okta as IDP

Okta as IDP

Configuring Okta as IDP:

  1. Log in to the Okta developer account with admin access and click Applications.

  2. Under Applications, choose Add Application and click on Create New App.

  3. Create a new SAML 2.0 application in Okta.
  4. Provide a name for the application.
  5. In SAML Settings, provide the SSO URL in the format https://SPresource/sso/acs/ (for example, https://sales.avi.com/sso/acs/ as shown in the screen below) and use the same URL in the IDP. The Audience URI must be the same as the Entity ID. Click Next.
    Note: The trailing slash (/) after acs is mandatory.
  6. Click Finish on the next screen.
  7. On the screen shown below, there is the option to download metadata.
  8. Assign the apps to the local users, groups, or AD users.

This completes the process of creating an application on Okta.
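
A pre-flight check for the values from steps 5 and 7, as an added example that is not part of the original article or of Avi's or Okta's tooling: it verifies the SSO URL form and the Audience URI/Entity ID match, then inspects the downloaded IDP metadata before it is used on the Avi side. The function names, the sample metadata and the idp.example host are constructed for illustration, and the code assumes the metadata is a standard SAML 2.0 EntityDescriptor.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_sp_settings(sso_url, audience_uri, entity_id):
    """Problems with the values entered in step 5 (empty list = consistent)."""
    problems = []
    url = urlsplit(sso_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("SSO URL is not an absolute https URL")
    if not url.path.endswith("/sso/acs/"):
        problems.append("SSO URL does not end in /sso/acs/ (trailing slash is mandatory)")
    if audience_uri != entity_id:  # compared as exact, case-sensitive strings
        problems.append("Audience URI differs from Entity ID")
    return problems

def check_idp_metadata(xml_bytes):
    """Problems with the metadata downloaded in step 7 (empty list = usable)."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML metadata never needs a DTD, so refuse to parse one
        return ["metadata contains a DOCTYPE declaration"]
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        return ["not a SAML 2.0 IdP entity descriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("entityID attribute is missing")
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")  # no 'use' attribute means both purposes
             for c in kd.findall(".//ds:X509Certificate", NS) if (c.text or "").strip()]
    if not certs:
        problems.append("no signing certificate to verify assertions with")
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    if not sso or not all(loc.startswith("https://") for loc in sso):
        problems.append("SingleSignOnService endpoints missing or not https")
    return problems

# Constructed sample; the certificate value is a placeholder, not a real certificate.
SAMPLE_METADATA = b"""<md:EntityDescriptor entityID="http://idp.example/constructed"
  xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/sso/saml"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_sp_settings("https://sales.avi.com/sso/acs", "https://sales.avi.com", "https://sales.avi.com"))
    print(check_idp_metadata(SAMPLE_METADATA))
```

The check only confirms that a signing certificate is present; compare its fingerprint with the one shown in the Okta admin console before trusting it.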

Once configuration is complete on Okta, configure an Avi virtual service to act as service provider by following the instructions given in the SAML Configuration on Avi Vantage article.