DeepSurface can be configured to leverage a third-party identity provider (IdP) to authenticate users when they access the DeepSurface web management console. One option is to use Okta's service as a SAML-based IdP. Use the following steps to create a new DeepSurface Authentication Provider configuration to enable this integration.
Create the Authentication Provider record in DeepSurface
Navigate to Setup > Authentication > Providers
Click the button "+ Authentication Provider" in the top-right of the screen
In the pop-up, select "SAML 2.0" in the drop-down
Fill in an appropriate label for this authentication provider (such as "Okta")
Enter the appropriate domain name in the "ASSERTION CONSUMER SERVICE URL" field. This domain name must match the one users will navigate to when accessing DeepSurface.
Click the "copy to clipboard" icon next to the ASSERTION CONSUMER SERVICE URL field to make a copy of this ACS URL. Paste this in a temporary location, such as a text editor, as we'll need this in later steps.
Do not enter any values in the METADATA XML at this stage. We'll come back to this in a minute.
Save the new authentication provider.
Configure Okta
Log in to your Okta portal and navigate to Applications > Applications > Create App Integration
Select SAML 2.0 and click Next
Enter a friendly name in the App name field, such as "DeepSurface". Select other options as appropriate and click Next.
On the Okta screen, enter the ASSERTION CONSUMER SERVICE URL you obtained in step 1 above into both the Single sign on URL and Audience URI (SP Entity ID) fields. Do not modify any other fields, and then click Next.
On the third Okta screen, answer the feedback questions as appropriate and click Finish.
Next, you should arrive at the new application's "Sign On" tab. In this area, find the link for "Identity Provider metadata" and download it. You may need to right-click on the link and select "Save link as...". Store this in a file for use in Step 3 below.
Finalize DeepSurface Authentication Provider
Return to the Setup > Authentication > Providers area in DeepSurface and edit the provider created in step 1.
Upload or paste the XML file obtained from Okta in step 2 into the METADATA XML field.
Save the updated authentication provider record.
Create DeepSurface users associated with the Okta authentication provider
In DeepSurface, navigate to Setup > Authentication > Users.
For any user who needs to log in via Okta, create a user with exactly the same username they would use with Okta. Be sure to select your newly created authentication provider in the dropdown at the top of the user editing pop-up.
Optionally, enable Auto-Provisioning
Test Okta-based login
To test a DeepSurface user linked with an Okta authentication provider, first log out of DeepSurface.
On the login form, enter the username of a user who should be authenticated against Okta, and click Next.
You should now be redirected to Okta. Log in with your Okta credentials.
After successfully authenticating to Okta, your browser should be redirected back to DeepSurface and you should be automatically logged in to the DeepSurface console.
For more information, consider consulting the following:
Having trouble? Don't hesitate to contact support.