SSO integration configuration involves both Okta and OpsRamp platforms to configure redirects to your custom branding URL.

Prerequisite

  • Partners register with OpsRamp to get login credentials.
  • Provide a custom branding URL, such as .opsramp.com.

Configure Okta SSO integration

  1. Select Applications from the Applications menu.

  2. Search for the OpsRamp app and click the Add button.

  3. On the Add OpsRamp page in the General Settings - Required section, enter the website subdomain in the Subdomain field.

    You can find the subdomain on the Accounts > Clients page in the subdomain part of the Website URL. For example, it is the okta-cert part of okta-cert.app.opsramp.com.

  4. Click Done.

  5. From the Applications menu, select the OpsRamp app and review the settings on the Sign On tab.

  6. Select View Setup Instructions and configure the following:

    • Okta instructions Issuer URL
    • Redirection URL
    • Logout URL
    • Certificate
Single Sign-On Settings

Single Sign-On Settings

Configure OpsRamp SSO integration

  1. From All Clients, select a client.
  2. Go to Setup > Integrations > Integrations.
  3. From Available Integrations, select SSO > Okta and click Install.
  4. Provide the following:
    • Issuer URL: Identity provider Issuer URL
    • Redirection URL: SAML EndPoints for HTTP
    • Logout URL: URL for logging out
    • Certificate: x.509 Certificate
  5. (Optional) Provide user provisioning settings to enable JIT.se
  6. Click Install.

Verification SSO integration

  1. From the Okta console, go to the OpsRamp Application.
  2. Click Sign On, and then click View Setup Instructions.
  3. Verify the following settings:
    • Issuer URL: Identity Provider Issuer URL
    • Redirection URL: Identity Provider SSO URL
    • Logout URL: URL for logging out
    • Certificate: x.509 Certificate

Provision a user

After configuring the OpsRamp-Okta integration, you can provision users.

In the OpsRamp UI …

  1. Navigate to the Accounts > Clients page.
  2. Click Okta client and copy the subdomain part of the Website URL, which you will need to specify the subdomain in Okta. For example, copy the okta-cert part of okta-cert.app.opsramp.com.

Prepare to install.

  1. In Integrations > Integrations, click the SSO button to display the available SSO integrations.
  2. Click the Okta icon.
  3. Click the Install button. Continue on the Okta to get the integration parameters needed.

On the Okta console …

Enter the OpsRamp subdomain:

  1. Select Applications from the Applications menu.
  2. Click the Add button.
  3. On the Add OpsRamp page in the General Settings - Required section, enter the website URL copied from OpsRamp in the Subdomain field: okta-cert.
  4. Click Done.

Set up the sign-on method:

  1. Select Applications from the Applications menu.

  2. Select the Sign On tab.

  3. Scroll down and click the View Setup Instructions button to configure SAML 2.0 for OpsRamp.

  4. From step six of the setup instructions, copy and save the values in the following fields:

    • Issuer
    • redirection URL
    • logout URL
    • certificate

In the OpsRamp UI …

  1. Returning to the Install Okta Integration screen, enter the information copied from Okta:
  • Issuer URL
  • Redirection URL
  • Logout URL
  • Certificate
  1. Click Install
  2. On the OKTA INTEGRATION page Configuration tab Properties section, verify the Issuer URL, Redirection URL, and Logout URL. The Provision Type should be SCIM.
  3. In the User Provision section, copy and save the URL and Token for the Okta base URL and API token fields.

On the Okta console …

Provision the user:

  1. On the Applications > Integration page, click the Provisioning tab.
  2. Scroll down and click Configure API Integration.
  3. Select Enable API integration.
  4. Enter the Base URL and the API Token copied from OpsRamp instructions.
  5. Click Test API Credentials. Successful credential verification displays the OpsRamp was verified successful! message.
  6. Click Save. On success, Provisioning settings saved! is displayed.

Add a user.

  1. Click the Assignments tab.
  2. Open another Okta console in a new tab and navigate to Directory > People.
  3. Click Add Person
  4. Enter the required and any optional personal information in the provided fields. The Username must be an email address.
  5. For the Password field, choose Set by admin and enter a password.
  6. Click Save. A Person added! message displays.

Enable user provisioning.

  1. Navigate to Applications > Applications and choose the Provisioning tab.

  2. In the Provisioning to App panel, click Edit.

  3. Select Create User - Enable, Update User Attributes - Enable, and Deactivate Users - Enable.

  4. Select the following Enable options to complete the provisioning setup.

    • Create Users
    • Update User Attributes
    • Deactivate Users
  5. Click Save and wait for application setup verification. On success, a Provisioning settings saved! message displays.

Assign the OpsRamp application to the user.

  1. Return to the first tab and, from the Assign dropdown menu, choose Assign to People.
  2. Use the search bar to search for the user you added in the other Okta console.
  3. Locate the entry for the user from the search results and click Assign.
  4. In the Assigned Applications section, click the Assign Applications button.
  5. Click OpsRamp in the application list.
  6. In the Applications > Assignments tab, click the Assign button and choose Assign to People.
  7. Locate OpsRamp in the list and click Assign.
  8. For the user you want to assign to the OpsRamp application, click Assign.
  9. Edit the user information field you want to change and click Save and Go Back.
  10. Click Done to complete assigning users. The 1 person assigned successfully message displays.

In the OpsRamp UI …

Navigate to Accounts > Users and, after a short delay, see that the provisioned Okta user is added to the user list.

Unprovision a user

On the Okta console …

  1. Choose the Assignments tab.
  2. Click the X for the user to delete in the user list.
  3. Click OK to confirm that you want to unassign the user.

In the OpsRamp UI …

Refresh the Accounts > Users page to confirm the user is deleted from the list.