Skip to main content

Sitecore

Configure SAML Single Sign-on using Okta in Sitecore Content hub

Cyber security firewall interface protection concept HTTPS certificates. Businesswoman protecting herself from cyber attacks. Personal data security and banking. stock photo

Identity management is HARD! But third parties are making it easy for us. We wanted to configure Content Hub for Single Sign-on authentication with Okta through SAML to match with Sitecore so the DAM popup would be seamless. This way the responsibility of manual user management will move away from content hub admins to the system admins who are responsible for the whole organization.

Okta setup

  • From Okta admin portal create an application.
    Create New Okta App in admin panel
  • On the next screen, Single Sign-on URL will be <Your-content-hub-instance-url>/AuthServices-okta/Acs
  • Use the same url for Recipient URL and Destination URL
  • Audience Restriction is the url of your content hub instance
  • For Name ID Format use email address or name whichever seem fit, but this will depend on your setup.
  • Mapped these two ATTRIBUTE STATEMENTS (these will also change depending on your setup)
  • Use SAML 2.0 as the sign on method
  • Set Application username format to email or name depending on Name ID.

I am working with a personal account to build a POC, so not a lot of users and roles but just me, myself and I.

Content Hub Setup

  • Go to Manage then Settings
  • Under PortalConfiguration find Authentication
    Content Hub Setting screen under manage for superusers
  • There are three different views.
    Setting View

    • Tree view is easy to view. Form view is easy to change, but Text view is easier to copy & paste. Choose the one your heart desires.
  • Turn EnableBasicAuthentication to true
  • Turn EnableExternalAuthentication to true
  • Expand or look inside ExternalAuthenticationProviders node.
    • The saml block of code should look something like below:
"saml": [
  {
    "metadata_location": "",
    "sp_entity_id": "",
    "idp_entity_id": "",
    "provider_name": "okta",
    "authentication_mode": "Passive",
    "module_path": "/AuthServices-okta",
    "is_enabled": true
  }
],
  • Where and how do I get the values, you ask?
    • Metadata_location: Go to Okta application setting
      find Metadata Location in okta admin screen
    • Click on View IdP metadata and copy the url from the browser. This will end with “/sso/saml/metadata”
    • sp_entity_id is the Content hub instance url.
    • idp_entity_id can be found in two places. From the UI and from the metadata listed above.
    • in the UI, find this block on Sign on tab of the application
    • Open the instruction
      Saml Setup screen from okta admin panel
    • IdP will be listed there on #2
      Idp Url from okta admin panel
  • That’s it. This is the minimum configuration needed to hook up Okta to your content hub.
  • Save all the settings changes in Content Hub. The changes should propagate instantly. I say should because sometimes the goblins are chewing the cables that flies the bits around in the Content Hub cloud.
  • Open another browser or use incognito browser and try to login with SAML it should look like below.
    content hub Login Screen after sso is configured

 

 

What’s next:

  • Add title, description and Sign in messages to the settings json
  • Complete setup and real users and roles in Okta
  • Write User Log In script in Content hub to map user roles from Okta to Content Hub (another topic for another day)
  • Write a blog post
  • Buy flowers (note the publish date)

Special thanks:

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Topaz Ahmed

Jack of all tech, master of Sitecore. Learning new tools every night from 5-9 and looking forward to spreading the knowledge. If you are a newbie problem creator or a senior problem solver, keep an eye out here and in my personal blog where I write about mostly Sitecore.

More from this Author

Follow Us
TwitterLinkedinFacebookYoutubeInstagram