This document is intended to demonstrate how you would integrate Silverline SSO with Okta.
- Okta offers a 30-day trial setup to get you operating quickly. https://www.okta.com/free-trial/
- IMPORTANT: Provisioning users within the Okta portal does not automatically provision users within Silverline. An account must exist already within Silverline, so when you provision the user within Okta, you will need to match the email address.
Types of Authentication with Silverline SSO
Two types of authentication that can be used to log into Silverline:
- SP Initiated Auth is when the SSO authentication is initiated by the Service Provider (in this case Silverline). There are 2 ways to kick off an SP Initiated Auth session
- by the Silverline login page
- Since the account is configured for SSO, they do not need to put in the password -- just the email address and click “Sign in”.
- They are then be transported to the Okta login screen to enter password.
- Once authenticated, they are redirected back to the Silverline portal and logged in.
- by the F5 Silverline Assertion Consumer URL which can be found within the Config >SSO Integration menu
- As soon as someone uses the URL, they will be transported to the Okta login screen.
- by the Silverline login page
- IDP Initiated Auth is when the SSO authentication is initiated by the Identity Provider (in this case Okta)
- This is typically where a customer uses Okta to present their users with a list of applications they are authorized to use.
- Once the user logs into Okta, they click on the Silverline app and they will be transported to Silverline and logged in under the context of their Okta login.
1) Create Users - Once you obtain a trial or using an organization account subscription, you need to create some users within Okta.
- Navigate to Directory> People
- Fill in the form
- Username must be same email address as your Silverline account. If it doesn’t match, the Silverline portal will give an error saying the user is not found.
2) Silverline Application Creation
- Click on the Create New App button on the top right of the screen.
- We recommend creating your own, though there is an F5 Silverline account
- Select Platform: Web
- Select Sign on method: SAML 2.0
- Give the application a name (and icon if you wish) and click next
- Start populating required SAML details, i.e. Single Sign-on URL which is obtained from Silverline's Customer Portal in the next step.
3) Get the Single Sign-on URL by provisioning SSO Integration within the Silverline account
- Browse to https://portal.f5silverline.com
- Navigate in the top menu to Config > SSO Integration
- Click +Add in upper-right
- Once you create the SSO Integration, Silverline gives you “F5 Silverline Assertion Consumer URL” which is the Single Sign On URL needed by Okta in the previous step.
- Leave the Silverline Portal open, as you'll paste information here from Okta in a later step
Note: If you have created previous SSO integration profiles, double-check the value of "F5 Silverline Assertion Consumer URL” prior to pasting it in your "Single sign on URL" field in OKTA, each SSO integration profile contains a different value for "F5 Silverline Assertion Consumer URL”.
4) Finish Okta Configuration
- Add Single Sign on URL and Audience URI (SP Entity ID) like below.
- Change the Name ID Format value to EmailAddress
- Change the Application Username to Email as well.
- Click Next and answer Okta Support questions, i.e. “I am an Okta customer adding an internal app”
5) Assign new Okta Application to new Okta users
This will then show up in their list of applications when they log in as a normal user.
- Navigate from the main menu under Applications > Gear symbol on the right of the application > Assign to Users
- Can also assign users immediately after the app has been created
- Find the user you want and click the Assign button:
6) Finish SSO configuration on Silverline side
Now you should have 2 windows open: Okta and Silverline Portal SSO config
- In Okta, navigate to Applications > select the application you are configuring for the Silverline account:
- Click on View Setup Instructions in the Single Sign On Methods menu.
- this displays Okta components needed by Silverline.
- Copy the Identity Provider Single Sign On URL value from Okta --> paste it into the Silverline SSO config in the IDP Single sign-On Target URL” field
- Copy the certificate from Okta --> paste it into the Silverline SSO config in the Identity Provider (IdP) Certificate field.
7) Enable SSO on Silverline Account
- Click on your company name in the upper right of Silverline Portal
- Select Edit Customer
- Under Required SSO Provider for User sign-in, select Okta (configured in previous step)