YouTube Transcript: Creating SSO with Entra ID as IDP and Okta as SP using SAML Protocol | Step-by-Step Integration #SSO | Cloud Knowledge
Summary
Core Theme
This content details the process of configuring Single Sign-On (SSO) between Microsoft Entra ID (formerly Azure AD) and Okta, focusing on integrating a third-party application by setting up an identity provider.
Okay. So, as we already discussed, we should have what I have here. We should have an Azure Active Directory instance; from that we need a global administrator account, or access for an administrator who can create an enterprise application there. So we should have all these three; with the help of these we can create an application and register it at the same time. Okay. So moving forward, you can go ahead and try the second option, otherwise you can go to resources or search here for Entra.
Here it has been opened. Now we will expand Manage on the Overview page; expanding Manage, we go to the last, where we have an option for Enterprise applications, in the middle of Manage itself. In Enterprise applications we need to create our application; you can see multiple applications. Now we will create an application, as this is not a gallery application. If it is a gallery application, you can just go ahead and search here and you can get all the details of that particular application, but this is not a gallery application, so we need to create a manual application over here. For the manual application you have three options. The first is to configure Application Proxy for secure remote access to an on-premises application; if you are doing Application Proxy, you can go ahead with the first one. The second is an application to integrate with Microsoft: if you are developing your own application, then you can go ahead and register it with Microsoft and integrate it with Entra. But we are integrating a third-party application, you can see, which is a non-gallery integration; it is a third-party application, and that is why we are going with the third option. There we need to give a name, or you can give whatever you know.
When this application has been created, just verify the name, whether any other name like it has been given on your tenant or not. If not, then it will create the application in one minute. Once it has been created, it will go ahead and check for it. So the application has been created; you can see it just takes five or six seconds. Again we need to go to Manage, and then try everywhere; you need to check and expand the management. Okay.
Go ahead, click on Manage. Under Manage you will find the Single sign-on option. Another thing that we do in enterprise applications is provisioning. That is another topic; we have discussed it. If you want, you can go to the i button and check my provisioning video, or at the end you will get the same video option. You can just go ahead and check the provisioning, how we can do the provisioning for a particular application, or, currently, we will go ahead with Single sign-on. We are doing the same with the help of SAML, Security Assertion Markup Language. So we will just click on SAML itself. On the SAML page we need to just give some basic details here, and probably these basic details we also need to remember. So if you're using a single tab or you have multiple applications, I will request you to please copy some of the details, which I will tell you, and keep them with you, so when we configure Okta you will need those particular values there.
Okay. So in the basic section, the first step is there; we need to go ahead. We have this, which is a required thing; you can see here it's saying 'required', whereas the others are optional. As this is the required thing, at present it doesn't have the identifier. Here we need to give the identifier from which you can identify the particular third-party application that you are going to integrate with, but as of now it doesn't know what identifier we are configuring and what URL Okta will jump to. Although we know that the application is Okta, we don't have that, remembering what the URLs are that Okta will jump to correctly, so we will just give some random URLs here. What is the random URL? You can give anything; it is not that you need to give this one or any other specific URL. It is not compulsory; you can give whatever details you want to give. So I have given here, for both URLs, my website which I have, and you just open it. Once it has been done, based on this it will generate a certificate, okay, which is Base64. This certificate Base64 is the security value, you can say, for that
particular certificate. Okay, in the second section you will get all the details of your attributes and claims that you have selected. Like, you can go here and edit these attributes. The claim name is the user identifier, from which the user will be identified; it is the user name. The rest of the claims are the default claims which you can use; the additional claims are there, and whatever names you are giving for the original name. That is, if you want to add a new claim or you need to add a group claim, you can do it here. If you want to edit, just click on it; it will give you the options to edit it. Okay. Now we are going by default.
The third one is all about the SAML certificate. Now you will take the SAML certificate. The certificate is active. If it has expired, you can just come here and change the date itself, or you can upload a new one. What is the thumbprint of the certificate? What is the expiration date of that particular certificate? If it is going to expire, which email notification will you get? What is the metadata URL? This is the certificate (Base64), this is the raw certificate and this is the PEM certificate. We just need the Base64 certificate, which we need to upload at the Okta side. Okay, if you want to edit it, just click on Edit; you will get all the things. If you want a new certificate, click on New certificate and a new one will simply be created. And once the SSO in Entra gets a new certificate over here, it will automatically keep it as primary, and from that certificate you can proceed. So this is like that. One more thing: if you want to change the email also, from here you can change the notification. For example, if you want multiple groups, or any email-based group, a mail group, to receive the notification for the certificate, then you can go over here and update the certificate.
So we have downloaded this. Apart from that, these two URLs, which are the base URLs: all three are the same, not the same, all three are the required URLs, but these two, the top two, will be required more. Why am I saying that? The first one is your Login URL, meaning the page to which the users will be redirected. Correct, the first one is your Login URL, which you need to have handy for Okta, and we need it, okay. And the second one is your Microsoft Entra Identifier URL, which is the identifier; it is the IdP identifier, which IdP you are using. We are using Microsoft Entra, that's why it's saying Microsoft Entra Identifier, meaning it will identify which IdP you are using. Okay, so that's it, and the Login and Logout URL will be the same, so nothing is changed. That's why I told you we're going to just keep these two URLs, and even this one. Okay, and the last option is Test; we will test it once we get to that point.
Okay. So from here we have done all the things. Now after this we need to move towards Okta, and then we need to configure it. Okay. So we need to have an instance, the same instance that we have; this is the page of Okta. If you have that profile type or role with you in Okta, then you can log into the admin console. Under the admin console, as we are configuring an IdP, and Entra ID is an IdP, we need to go to Identity Providers. So here we will find it under the Security tab; we will find Identity Providers. Correct. So you will just click on Identity Providers here.
Here, as I am just recently creating an identity provider, we don't have anything. So we will just click Add identity provider; here we will get multiple identity providers. Okay, you can see we have multiple identity providers. You can just select one of the identity providers, and we are just doing it for SAML. So we just select SAML 2.0 IdP and click on Next. After clicking Next, we have some configurations here that we need to provide. Okay. So in the Name field, we need to give a name. I will give the same name that I have given there, so you can identify it easily. We are just using it for SSO. So for IdP usage, what the IdP itself is used for: if we want to trust the claims and all, we will take that 'trust claims from this identity provider'; if we want to trust a particular claim, we will do that. If account matching with the persistent name ID, we will use this. These are the default settings that we want, and if you want to configure the claim sharing and all, you can just go ahead and configure the claim sharing by clicking the hyperlink that has been given, and you will get a document on how to do that. Okay. So every one of the IdPs has given their document, the sharing document.
Account matching with the IdP: how the account will be matched with the IdP. Like, on the side we have a persistent rule, like the one we are giving, so from the persistent attribute the account will be matched in the IdP; how do we need to do it? What we will select here you need to pick from the list. So here we will select, as the IdP username, the subject ID: what will be the subject name or username of the particular IdP that will be taken as the IdP user. Okay. After that, Filter: if you want to apply some filter, like only if this particular user is matching then it will be synced or it can create an SSO, then you can give this. We are going by default itself.
After that we have Match against. Match against is an Okta user attribute which, you can say, is matched against the IdP username to find the existing user. If any user is already present, we can just select that particular user. So how will Okta, or Entra, search in the user directory? You can just select it: with the help of email, or Okta username, or email, whatever you need. Like, we are going with Okta username, meaning the Okta username that we have given here; if it is the same in Entra, then it will match both users and it will not create the previous user again; it will directly link with that particular user. Again, after that we have the account linking policy. Account linking policy: if you are going to set it to Automatic, then automatically it will link the incoming IdP user and the existing users which have been created in Okta. Okay, as we have discussed before how it will check: it will check the username. Then after that we are saying, okay, once Okta has checked, what does Okta need to do? We are saying it should be linked automatically. If we have selected it, it will link automatically. If you are disabling it, you need to manually link the user, or if you don't want to link those users, then you can untick it. Okay. After that we have this filter option: like, you have selected that that particular account should be linked, but you can filter it out. How? If you want, then 'in this group': if there is any specific group you want to select, if the user is in this group then it should be linked. Or you need to exclude some of the users, meaning apart from these users, if the user is in there then it should be. Or 'exclude admins', meaning for example if the admins are there, they should be excluded from being automatically linked with those. But we are going with the default that has been there; based on your requirement you can go ahead and bring this in. Okay.
Here, 'if no match found' means Okta is asking: if no match is found with this username, what do I need to do? So you have two options. You can ask it to create a new user with the help of JIT, so it will create a new user and it will ask you to check. Okay. If it is getting any error, then it will give you a login error. Okay. Apart from that, you can tell it to redirect to the Okta page, so it will ask you for the details of Okta. But we are saying here: go ahead and create a new user, okay, with the help of JIT. So now if the user, the username, is not present, after that it will create a new user and update it. Okay.
Now we have given the instruction to create a new user. Now it's asking what the profile source is; JIT is asking what the profile source is. We will say: if you have created a new user, then it is good; otherwise update the attributes of the existing user. If a new user has been created, let's give it. If it is the same previous user, which is already in the tenant, then what does it need to do? Then it will say: if you get a previous user, or a user which is already present, then go ahead and update the new attributes which we have selected over here. Okay, here are the reactivation settings. For example, a user has been in the deactivated state in the tenant; then Okta will go ahead and reactivate it. If the user is in the suspended list (suspended list means in the deleted state of Okta), then we will suggest Okta to go ahead and unsuspend. Unsuspended means it gives it back to the active users and it will work as it is. So if you want it like that, you can just tick it and it will work as it is. Okay. Any specific group assignment, if you need it, then you can go ahead and select a specific group, or for all the groups. Okay, we will take it as the default. Till now, the settings are the same, which we didn't need anything from the IdP for. Now, as this is the SAML protocol settings, in both of these, the SAML certificate settings and the SAML protocol settings, here we need the details of the IdP.
IdP Issuer URI: that means which IdP you are using; that issuer URI identifies it. Issuer URI means which IdP is issuing the URL, which IdP is issuing the token to log in. So, we are on Microsoft here; we have the Microsoft Entra Identifier, which is the issuer URL, as Microsoft will issue the token to log in. Here we need to give the IdP issuer URL. Okay, after it we have the Single Sign-On URL, that is the single sign-on or logout URL that we have discussed. Here is the Login URL that we have, so you need to go ahead and paste it here. Then we need the certificate that we have, the IdP Signature Certificate. Anything you don't understand, here is a question mark; we can just click on it and this black window will tell you all the details of the particular option. Okay, click on Browse files. We have what we have downloaded, in the download section, and this is the Okta certificate.
It is valid for 195 days; it is not going to expire. Okay, that is near to 3 years, something like that. Okay, so it has been done; you have uploaded the certificate and all. The rest we need to keep as default. Okay, I think if you want to change, you can go ahead and change the settings like security algorithms and the verification details, destination if you want to give any, but these are not mandatory things. You can go ahead and choose as you need; we will go by default. Okay, we'll click on Finish.
Once it has been done, it will ask for the password, due to security. Then, once you type it, it has been successful: the IdP has been created as it is. Now we need some details from Okta, and also so that Entra can verify, yeah, this is me and you are going to connect with me. So nothing much is needed; only these two URLs are needed from Okta. Or, the second thing is, you can ask to download a metadata file: download it, it will download, and you need to just go to your site here, where you will get an option to upload the metadata file, or you can manually edit the identifiers. Okay. But for our convenience we will, and now you can see. Okay, so you can see the two URLs that we have discussed have been updated. Apart from that, all the rest of the things are the same; no changes have been done. So now this is the basic modification that we have done between Okta and Entra. Okay, apart from that we can go ahead and test it out right now itself; we will get some error, but yeah, it should also be there. So we will just go ahead, and we get an error as we check the sample application.
Let us see the top left that we needed, right. So now we will go to this. Okay, here we have done all the things, so why are we getting the error? We will go and check it. Okay, it is not completed yet; there is the reason. We need to go under Reports; we have System Log, all the details, all the logs that we got from the try, and we will go here. Okay, you can go ahead and you can see what error we are getting and from where it started. It started from 'granted access to app', then 'allow directory mappings', 'provided access'. Okay, after that it is showing that the user should be authenticated by IdP, meaning it came from the IdP, and then 'unknown profile attribute' means the attribute mapping that we have done. Those are okay; all you will be getting are these kinds of attributes over there; you need to map that attribute, then only those attributes will be mapped.
Okay. So now what we need to do: we need Notepad, and paste it. Okay. Then the next thing, you can just copy it and paste it as you need. Now the next thing: where do we need to update it, right? So we need to go to Security options, to Identity Providers. We have this created and we have added profile mappings. Okay. Here we have all the mappings. So these are the mappings to update here. We need to upload this custom one. First you need to go here. You need to change some settings, like it should be app.username, it should be app.firstName. Not so; it should be the application, what is happening in the app, like we have created the user. So it should be what the application is. Okay. After that we need to change the main attributes, the main attributes that we have, or we can say the email ID should be the ID. Okay. So we will save the mapping, apply the mapping.
Now again we need to go here, to Entra, another part that we have; we need the same mapping applied, those attributes: first name, last name, email, name, as it is, as it was given in particular: first and the other name that has been given. Okay, like this you go ahead: you can give the attribute first name the same value for the attribute, ID. So like this you need to provide all the identifiers, the names themselves. Once all these have been set up, now we will go test: successful, that means successful. So like this you can just configure your SSO. The only thing you need to take care of is this text and the value of the website, and that should be user. And there you can also, for your requirement and other things, see Identity Providers; you can just create multiple identity providers that you have. So you can test and you can play with those, and based on that you can draw into it itself. So it's like that.
If this video helped you, please give it a like and subscribe for more cloud identity and access management tutorials. Hit the bell icon so you never miss an update on SSO, Entra ID, Okta, and security integrations. Got questions, issues, or want us to cover a specific use case? Drop them in
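The walkthrough copies the issuer, login URL and Base64 certificate from Entra into Okta by hand and then finds the "unknown profile attribute" error only in the Okta system log. The script below, an added example that is not code from the video, Microsoft or Okta, checks both ahead of time with the Python standard library; the tenant id, metadata, assertion, certificate bytes and the Okta field names (firstName, lastName) are constructed assumptions, while the claim URIs are the defaults Entra issues for a new enterprise application.

```python
"""Two pre-flight checks for the Entra ID (IdP) to Okta (SP) SAML setup above:
1. pull the issuer, login URL and signing certificate that Okta's
   "Add identity provider" form asks for out of the Entra federation metadata;
2. compare the claim names in an Entra assertion with the Okta IdP profile
   mapping, so "unknown profile attribute" shows up before the first test login."""
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id

# Constructed metadata in the shape Entra publishes; the certificate is a stub.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBAQID
        BA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
      Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def idp_values(metadata_xml):
    """Return the values the walkthrough copies from Entra into Okta by hand."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    certs = [c.text for c in idp.findall(
        "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if len(sso) != 1 or not certs:
        raise ValueError("metadata lacks a redirect SSO endpoint or signing cert")
    cert_b64 = "".join(certs[0].split())   # pasted PEM bodies carry line breaks
    base64.b64decode(cert_b64, validate=True)  # rejects a mangled copy/paste
    return {"issuer": root.get("entityID"), "sso_url": sso[0],
            "signing_cert_b64": cert_b64}

# Default claim URIs Entra issues for a new enterprise application, in a
# constructed assertion (unsigned: this is a naming check, not validation).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Okta IdP profile mapping as the walkthrough finds it before the fix (assumed
# field names): the left-hand names are what Okta matches assertion claims on.
OKTA_MAPPING = {CLAIMS + "givenname": "firstName", CLAIMS + "surname": "lastName"}

def unmapped_attributes(assertion_xml, mapping):
    """Claim names present in the assertion but absent from the Okta mapping."""
    root = ET.fromstring(assertion_xml)
    names = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    return sorted(names - set(mapping))
```

Every name returned by unmapped_attributes is one that would surface as an unknown profile attribute in the Okta system log until it is added to the IdP profile mapping.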