Availability: Enterprise Edition for users with Owner permissions
Okta is one of the SAML integrations supported in the Enterprise Edition of Faros. This doc contains the setup steps for integrating Okta with Faros in a SaaS deployment. This can include assigning Faros user roles through Okta groups. Note: for on-premise deployments the steps for setting up Okta and roles are different. Those steps are also listed below.
- Set up a new SAML Integration in Okta
- Start the setup in Faros to get the corresponding configuration. Open Faros in a new tab and navigate to your profile and click the Workspace (Faros Owner role required) Add New and fill out the form as follows:
- SAML for connection type
- Note the ACS URL and Entity ID values. You will enter these in Okta.
- Enter the SSO endpoint from Okta used for authenticating.
- Provide the public certificate found in Okta.
- Back in Okta, enter the Entity ID and ACS URL as the Single sign on URL. Complete the rest of the Configure SAML form. If you plan on using Okta groups for Faros roles, be sure to enter the Group Attribute Statements.
- Back in Faros, click Proceed and enter the domain of your emails. These will be the emails that can log in to Faros via Okta. Once you hit proceed you will be provided a TXT record. Add this to your DNS.
- Enter your default SSO roles. More information on roles here. Default SSO roles are given to all users added to your Faros app in Okta, unless other roles are specified in the Roles Groups Mapping section (and you have Group Attributes configured in Okta). Usually, you will want to put User here; if you want your base user to have Analyst capabilities, put both User and Analyst.
Setting up roles
Important: All roles must include the User role to get baseline functionality. For example an analyst should get both the
This section only applies to customers deploying Faros on premise. In those instances the profile section will not be present and roles must be assigned in Okta.
As admin in Okta, navigate to Profile Editor. From there, select the application used by your Faros instance.
Clicking on the application profile will open up the Profile Editor Page and list all attributes available to users of that app.
Add Attribute at the top and complete the form, being sure to include the following field values:
Data Type: string array
Variable Name: faros_roles
Enum Values: owner, admin, analyst, user
Next, navigate to Applications and select the application you are using for Faros (the one you added the attribute to in the last step).
Click on the Assignments tab, then the Groups filter.
Click the pencil icon next to the group you want to add roles to. Selecting the group will show you which users are in that group.
Check the roles you want present for that group assignment. All assignments must include User plus any optional higher role. For example, a user would simply have the user role, while an analyst would have both the Analyst roles checked. For more details on behavior for each role check out this doc.
Repeat for other groups.
Verify your work. Navigate to the People filter and select the pencil next to an individual. Scroll down and verify the expected faros_roles are set for that user.
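The same verification can be scripted against a decoded assertion captured from a test login. The following is an added example, not Faros or Okta code: it assumes the app attribute reaches the assertion as a SAML Attribute named faros_roles, the function names are hypothetical, the sample XML is constructed, and no signature validation is performed.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ALLOWED_ROLES = {"owner", "admin", "analyst", "user"}  # Enum Values from the Profile Editor step


def sample_assertion(roles):
    """Build a constructed, unsigned assertion fragment carrying the given roles."""
    values = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
        f'<saml:Attribute Name="faros_roles">{values}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )


def roles_from_assertion(xml_text, attr_name="faros_roles"):
    """Return every value of the named attribute found in the assertion XML."""
    # Assumption: the attribute name in the assertion matches the Okta variable name.
    root = ET.fromstring(xml_text)  # only for assertions captured from your own IdP
    roles = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == attr_name:
            for value in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
                roles.append((value.text or "").strip())
    return roles


def check_roles(roles):
    """Return a list of problems; an empty list means the assignment looks right."""
    if not roles:
        return ["no faros_roles values present"]
    problems = []
    unknown = sorted(set(roles) - ALLOWED_ROLES)
    if unknown:
        problems.append("unknown role(s): " + ", ".join(unknown))
    if "user" not in roles:  # every assignment must include the baseline User role
        problems.append("missing baseline 'user' role")
    return problems


if __name__ == "__main__":
    # Constructed role sets: one correct, three misconfigured.
    for roles in (["user", "analyst"], ["analyst"], ["user", "superuser"], []):
        found = roles_from_assertion(sample_assertion(roles))
        print(roles, "->", check_roles(found) or "ok")
```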
Updated 9 days ago