Okta Authentication

Okta provides cloud identity solutions for your organization and serves as a single sign-on provider that makes it easy to manage access to TMWS.

Okta authentication uses Okta as an identity provider (IdP) to implement SAML-based single sign-on for user authentication and to automate user synchronization via the System for Cross-domain Identity Management (SCIM) protocol from Okta to TMWS. Users include your existing Okta users, on-premises AD users, and users on other human resources (HR) management systems.

This section describes how to configure Okta as a SAML (2.0) identity provider to work with TMWS.

When there are multiple domains, they have the same authentication method, that is, Direct, AD FS, Agent, Okta, Azure AD, or Google. Each domain shares the same settings under the Okta authentication method.

Note:

In this authentication method, hosted users are not able to access websites through TMWS. If you need to manage hosted user accounts, add them on your Okta admin portal first.

Before you begin configuring Okta, make sure that:

  • You have a valid subscription with Okta. To enable real-time user synchronization from Okta to TMWS, make sure that your Okta subscription has the SCIM provisioning privilege.

    Note:

    If your Okta subscription does not have the SCIM provisioning privilege, or if you do not enable SCIM provisioning in your Okta organization, your users in Okta can be authenticated only through known TMWS gateways or the dedicated port for your organization when Allow non-synchronized users is enabled on the TMWS management console. For details, see Configuring Okta Settings and Adding Domains on TMWS.

  • You have created user profiles in your Okta organization, or have integrated your Okta organization with your user store, for example, Windows Server Active Directory, to map attributes to build your Okta user profiles and import users to your Okta organization.

  • You are logged on to the management console as a TMWS administrator.

  1. Configure TMWS SSO settings on your Okta admin portal.
  2. Configure Okta settings and add domains on TMWS.
  3. Configure TMWS provisioning settings on your Okta admin portal.
  4. Configure user profiles and map the user attributes among your user store, Okta, and TMWS.
  5. Assign TMWS to users and groups on your Okta admin portal.
  6. Test single sign-on to TMWS.