Okta Integration Guide Overview

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

Okta is an enterprise identity management and single sign-on service that integrates with apps in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on partnership between Okta as the identity provider and Single Sign‑On for VMware Tanzu as the service provider.

Single Sign‑On supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All Single Sign‑On communication takes place over SSL.

Prerequisites

To integrate Okta with Single Sign‑On, you must have the following:

  • Okta v2016.07 or later
  • A user with app admin privileges

Note: To configure SAML, you must have the Pivotal Single Sign-On service broker installed on your PCF deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

Okta Integration Guide

Configuring Okta with Single Sign‑On

Complete both steps below to integrate your deployment with Okta and Single Sign‑On.

  1. Configure Okta as an Identity Provider
  2. Configure a Single Sign‑On Service Provider

Testing and Troubleshooting