Version: 2.4.15

Configuring Okta (SAML)

If your organization uses Okta Identity Provider (IdP) for user authentication, you can configure Rancher to allow your users to log in using their IdP credentials.

> Note: Okta integration only supports Service Provider-initiated (SP-initiated) logins.

Prerequisites

In Okta, create a SAML Application with the settings below. See the Okta documentation for help.

| Setting | Value |
|---|---|
| Single Sign on URL | https://yourRancherHostURL/v1-saml/okta/saml/acs |
| Audience URI (SP Entity ID) | https://yourRancherHostURL/v1-saml/okta/saml/metadata |

Configuring Okta in Rancher

  1. In the top left corner, click ☰ > Users & Authentication.

  2. In the left navigation menu, click Auth Provider.

  3. Click Okta.

  4. Complete the Configure Okta Account form. The examples below describe how you can map Okta attributes from attribute statements to fields within Rancher.

    | Field | Description |
    |---|---|
    | Display Name Field | The attribute name from an attribute statement that contains the display name of users. |
    | User Name Field | The attribute name from an attribute statement that contains the user name/given name. |
    | UID Field | The attribute name from an attribute statement that is unique to every user. |
    | Groups Field | The attribute name in a group attribute statement that exposes your groups. |
    | Rancher API Host | The URL for your Rancher Server. |
    | Private Key / Certificate | A key/certificate pair used for Assertion Encryption. |
    | Metadata XML | The Identity Provider metadata file that you find in the application Sign On section. |

    > Tip: You can generate a key/certificate pair using an openssl command. For example:
    >
    > `openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout myservice.key -out myservice.crt`

  5. After you complete the Configure Okta Account form, click Enable.

    Rancher redirects you to the IdP login page. Enter credentials that authenticate with Okta IdP to validate your Rancher Okta configuration.

    > Note: If nothing seems to happen, it is likely because your browser blocked the pop-up. Make sure you disable the pop-up blocker for your Rancher domain and allow it in any other browser extensions you use.
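As an added example that is not part of the Rancher documentation: a Python script that reads the Identity Provider metadata XML you download from the Okta application's Sign On section, extracts the fields Rancher depends on (entityID, the HTTP-POST single sign-on URL, and the signing certificates), and flags metadata that would make SP-initiated login fail or leave assertions unverifiable. The metadata embedded below is a constructed stand-in with a truncated placeholder certificate, not a real Okta file.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD, DS = "urn:oasis:names:tc:SAML:2.0:metadata", "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for the Okta IdP metadata file; the certificate is a truncated placeholder.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="http://www.okta.com/exkPLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIBxTCCAW6gAwIBAgIB</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST}"
        Location="https://example.okta.com/app/exkPLACEHOLDER/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract entityID, the HTTP-POST SSO URL and the signing certificates from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall(f"{{{MD}}}SingleSignOnService")}
    certs = ["".join(c.text.split())                      # drop wrapping whitespace/newlines
             for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use") in (None, "signing")        # ignore encryption-only keys
             for c in kd.iter(f"{{{DS}}}X509Certificate") if c.text]
    return {"entity_id": root.get("entityID"), "sso_post_url": sso.get(POST),
            "signing_certs": certs}

def check_idp_metadata(meta):
    """Problems to fix before pasting the file into Rancher's Metadata XML field."""
    problems = []
    if not meta["sso_post_url"]:
        problems.append("no HTTP-POST SingleSignOnService (SP-initiated login needs it)")
    elif urlparse(meta["sso_post_url"]).scheme != "https":
        problems.append("SingleSignOnService URL is not https")
    if not meta["signing_certs"]:
        problems.append("no signing certificate, so assertions cannot be verified")
    for cert in meta["signing_certs"]:
        try:
            der = base64.b64decode(cert, validate=True)
        except ValueError:                                 # binascii.Error is a ValueError
            der = b""
        if not der or der[0] != 0x30:                      # a DER certificate is an ASN.1 SEQUENCE
            problems.append("signing certificate is not base64-encoded DER")
    return problems
```

Run `check_idp_metadata(parse_idp_metadata(open("metadata.xml").read()))` against the real download; an empty list means the fields Rancher reads are present and well-formed.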

Result: Rancher is configured to work with Okta. Your users can now sign into Rancher using their Okta logins.
