Setting up Okta for on-prem deployments

Availability: Enterprise Edition for users with Owner permissions

Okta is one of the SAML integrations supported in the Enterprise Edition of Faros. This guide contains the setup steps for integrating Okta with Faros on an on-prem deployment, including assigning Faros user roles through Okta groups.

📘 This only applies to customers deploying Faros on premise. In those instances, the profile section will not be present and roles must be assigned in Okta.

  1. As admin in Okta, create an OIDC Web App. Name it Faros.

  2. Set the following options in the Login section of the App configuration page:

    • Sign-in Redirect URI: https://<your.faros.domain>/console/api/auth/callback/okta
    • Sign-out Redirect URI: https://<your.faros.domain>/console
    • Login initiated by: Either Okta or App
    • Application visibility: Display application icon to users
    • Login flow: Redirect to app to initiate login
    • Initiate login URI: https://<your.faros.domain>/console/auth/login/okta
  3. Navigate to Directory > Profile Editor. From there, select the Faros application.

  4. Clicking on the application profile will open up the Profile Editor Page and list all attributes available to users of that app.

  5. Select Add Attribute at the top and complete the form, being sure to include the following field values:

    • Data Type: string array
    • Variable Name: faros_roles
    • Enum Values: owner, admin, analyst, viewer, viewerexec
  6. Next, navigate to Applications > Applications and select the application you are using for Faros (the one you added the attribute to in the last step).

  7. Click on the Assignments tab, then the Groups filter.

  8. Click the pencil icon next to the group you want to add roles to. Selecting the group will show you which users are in that group.

  9. Check the roles you want present for that group assignment. For more details on the behavior of each role, check out this doc.

  10. Repeat for other groups.

  11. Verify your work. Navigate to the People filter and select the pencil next to an individual. Scroll down and verify the expected faros_roles are set for that user.
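To run the check from step 11 across many users at once, the following added example (not part of the Faros or Okta documentation) audits a list of user records against the `faros_roles` enum values from step 5 and against an intended role mapping. The record shape, the sample users and the `EXPECTED` mapping are constructed assumptions.

```python
import json

# Enum values of the faros_roles attribute defined in step 5 of the guide.
ALLOWED_ROLES = {"owner", "admin", "analyst", "viewer", "viewerexec"}

# Constructed sample data. The record shape (userName, profile.faros_roles) is
# an assumption for illustration, not a documented Okta or Faros export format.
SAMPLE_EXPORT = json.loads("""
[
  {"userName": "alice@example.com", "profile": {"faros_roles": ["owner"]}},
  {"userName": "bob@example.com",   "profile": {"faros_roles": ["analyst", "viewer"]}},
  {"userName": "carol@example.com", "profile": {"faros_roles": ["Admin"]}},
  {"userName": "dave@example.com",  "profile": {}}
]
""")

# Roles each user is intended to hold (constructed).
EXPECTED = {
    "alice@example.com": ["owner"],
    "bob@example.com": ["viewer"],
    "carol@example.com": ["admin"],
    "dave@example.com": ["viewer"],
}

def audit_faros_roles(app_users, expected):
    """Return (user, problem) findings for role assignments that need review."""
    findings = []
    for rec in app_users:
        user = rec.get("userName", "<unknown>")
        roles = (rec.get("profile") or {}).get("faros_roles")
        if not isinstance(roles, list) or not roles:
            findings.append((user, "faros_roles missing or not a string array"))
            continue
        unknown = sorted(set(roles) - ALLOWED_ROLES)
        if unknown:
            # This check is case-sensitive, so "Admin" is flagged.
            findings.append((user, f"unknown role values: {unknown}"))
        want = expected.get(user)
        if want is None:
            findings.append((user, "assigned roles but not in expected list"))
        elif set(roles) != set(want):
            extra = sorted(set(roles) - set(want))
            missing = sorted(set(want) - set(roles))
            findings.append((user, f"extra={extra} missing={missing}"))
    return findings

if __name__ == "__main__":
    for user, problem in audit_faros_roles(SAMPLE_EXPORT, EXPECTED):
        print(f"{user}: {problem}")
```

Any `extra` entry is a user holding more privilege than intended, most often because they belong to a second group that also carries roles.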