0:32 Okay. So before
0:34 as we already discussed we should have
0:37 now time st that I have here because now timested
0:42 we should have an is active directory instart
0:47 from that we have a global
0:50 administrative account or access of an
0:52 administrator who can create an
0:54 enterprise application over there. So we
0:56 should have all these three with the
0:58 help of these we can be able to create
0:59 an application and we can register the
1:03 same time. Okay. So moving forward you
1:06 could go ahead and try the second option
1:09 otherwise you can do sources or search
1:12 here for the Entra ID
1:15 here. It has been opened. Now we will
1:18 expand manage overview page expanding
1:22 manage and we will go at the last we
1:24 have an options of enterprise
1:26 application in the middle of the manage
1:30 itself. In the enterprise application we
1:33 need to create our application and
1:35 multiple of applications. You can see
1:39 now we will create an application as this
1:41 is not a gallery application. If it is a gallery
1:43 application you can just go ahead and
1:45 search here. You can get all the details
1:47 of that particular application but it is
1:49 not real application. So we need to
1:51 create a manual application over here.
1:52 The manual application you have three
1:55 options. Configure application proxy for
1:57 secure remote access to run on
1:59 application. But we are application
2:01 proxy. You can go ahead with the first
2:04 one. Second is an application to
2:07 integrate in Microsoft.
2:09 If you are developing your application
2:11 then you can go ahead and register with
2:14 Microsoft application and integrate with
2:17 the Entra ID but we are integrating a
2:19 third party application you can see
2:21 which is a non-gallery integration which is a
2:23 third party application but it is not
2:26 always the why we are going with the
2:28 third option that is we need to give
2:43 Or you can whatever you know
2:45 when this application has been created
2:47 just verify for the name. If any other
2:50 name has been given on your
2:52 tenant or itself or not. If it is not
2:54 then it will create an application in
2:57 one minutes. Once it has been created it
3:00 will go ahead and check for it. So the
3:02 application has been created. You can
3:06 see just take five or six seconds and
3:08 again we need to go to the manage and
3:10 then try everywhere you need to check
3:13 and expand the management. Okay.
3:16 Go ahead click on manage. Under manage
3:19 you will find a single sign-on option.
3:21 Another thing that we are doing in
3:23 enterprise application is provisioning.
3:24 That is another topic we have discussed
3:26 it. If you want you can go to the I
3:28 button and check for my provisioning
3:31 video or in the
3:33 at the last you will get the same video
3:34 option. You can just go ahead and check
3:37 the provisioning, how we can do the provisioning
3:39 for the particular application security or
3:43 currently we will go ahead sign on. We
3:45 are doing the same with the help of SAML,
3:48 security markup language. So we will
3:51 just click on the SAML itself. The
3:54 SAML page we need to just give some
3:57 basic details here and probably these
3:59 basic details we also need to remember.
4:02 So if you're using a single tab or you
4:04 have multiple applications I will
4:06 request you to please copy some of the
4:09 details which I will tell you and keep
4:12 it with you. So when we configure no you
4:15 will be needed those particular values
4:18 over. Okay. So in the basic thing first
4:21 step has been there we need to go ahead and
4:25 we have this which has been a required
4:26 thing you can see here it's saying
4:31 required rather than these are option so
4:34 as this is the required thing and now at
4:36 present he doesn't have the identifier
4:38 as here we need to give the identifier
4:40 from which you can be able to identify
4:42 the particular third party application
4:45 that you are going to integrate with but
4:47 as of now he doesn't know what is the
4:48 identifier what we are configuring and
4:50 what is the URL that Okta will jump
4:52 although we know that the application is
4:55 Okta but we don't have that uh
4:57 remembering that what are the URLs
4:59 that Okta will jump correctly so we will
5:02 just give some random URLs here what is
5:05 the random URL
5:15 you can give anything it is not that you
5:18 need to give this one
5:20 any other specific URL it is not
5:22 compulsory you can give what type of
5:24 details you want to give so I have given
5:29 here what the both the URLs my website
5:31 which I have been given and you just
5:34 open it once it has been done based off
5:37 this it will generate a certificate okay
5:41 which is Base64. This certificate Base64 is the
5:44 uh security value you can say for that
5:47 particular certificate Okay, in the
5:48 second you will get all the detailings
5:50 of your attribute and claims that you
5:53 have been selected like you can go here
5:55 you can edit these attribute the claim
5:59 name is user identifier from which the
6:02 user will be identified it is user name
6:04 rest of the claims are the dedicate
6:06 claim which you can use the additional
6:08 claims are there and what names you are
6:10 giving for the original name that is if
6:12 you want to add new claim or you need to
6:15 add a global claim you can do it here if
6:17 you want to edit If you just click on
6:19 it, it will give you the options to edit
6:22 it. Okay. Now we are going to by default.
6:26 The third one it is all about the SAML.
6:28 Now you will take the SAML certificate.
6:31 Certificate is been active. It is if it
6:32 has been expired. You can just come here
6:35 and change the date itself. You can
6:37 upload it for the new one. What is the
6:38 template of the certificate? What is the
6:40 expiration date of that particular
6:42 certificate? If it is going to be
6:43 expired, which email notification you
6:46 will get, what is the metadata URL
6:48 process, this is the certificate
6:50 Base64, this is the raw certificate and this
6:52 is the partition certificate. We just
6:55 needed a Base64 certificate which we
6:58 need to upload at the Okta side. Okay,
6:59 if you want to edit it, just click on
7:01 edit. You will get all the things. If
7:03 you want new certificate, click on the
7:06 new certificate simply a new occur. And
7:10 once uh the SSO Entra will get a new
7:11 certificate over here, it will
7:14 automatically keep it as a primary and
7:15 from that certificate you can be able to.
7:20 So this is like that. One more thing if
7:22 you want to change the email also from
7:24 here you can change the notification.
7:26 For example, you want multiple group or any
7:30 email based group
7:34 mail in a group needs to be received a
7:36 notification for the certificate
7:38 enabled. Then you can go over here and
7:42 update the certificate.
7:44 So we have downloaded this. Apart from
7:47 that these two URLs which is the base
7:50 URL means all three are the same not
7:53 same all three are the required URLs but
7:56 these two the top two will be required
7:59 more efficiently why I'm saying as first
8:01 one is your login URL means which on
8:04 which page the users will be redirected
8:06 correct the first one is your login URL
8:09 that you need to be handy with you as an
8:12 opt and we need to need it okay and the
8:14 second one is your Microsoft Entra
8:18 identifier URL which is the
8:20 identifier means it is the IDP
8:22 identifier which IDP you are using we
8:24 are using Microsoft Entra that's why it's
8:27 saying Microsoft Entra identifier means
8:30 it will identify which IDP you are using
8:33 okay so that's and login and logout URL
8:35 will be same so nothing is changed
8:36 that's why I told you we're going to
8:39 just keep this two URLs and even this
8:42 okay and the last option is test yeah we
8:44 will tested once you got to the population.
8:49 Okay. So from here we have done all the
8:52 thing. Now after this we need to move
8:54 towards the Okta and then we need to configure.
8:59 Okay. So we need to have instance the
9:02 same instance that we have this this
9:04 page of the Okta. If you have that
9:06 profile type uh
9:11 role with you in Okta then you can be
9:13 able to log into admin console. Under
9:16 admin console as we are configuring an
9:19 IDP and ID is an IDP. So we need to go
9:20 to the identity provider. So here we
9:23 will find it under security tab we will
9:25 be finding an identity provider.
9:27 Correct. So you will just click an
9:30 identity provider here.
9:34 Here as I'm just recently creating an
9:35 identity provider so we don't have
9:38 anything. So we will just create an add
9:41 identity provider like here we will get
9:43 multiple identity provider. Okay you can
9:46 see we have multiple identity provider.
9:48 You can just select one of the identity
9:51 provider and we are just doing it for SAML.
9:56 So we just select SAML 2.0 IDP and click
9:58 on next. After clicking next, we have some
10:02 configurations here that we need to
10:05 provide here. Okay. So in the name
10:08 field, we need to give name. I will give
10:10 the state
10:12 what I have given there. So you can be
10:14 able to identify easy. We are just using
10:17 it for SSO. So we will just IDP what is
10:20 the uses for the IDP itself. So if we
10:23 want to trust the claims and all we will
10:28 take that trust claim
10:30 uh from this identity provider if we are
10:32 if we want to trust a particular claim
10:35 we will do that. If account matching
10:38 with the persistent name ID we will use
10:40 this. These are the by default settings
10:41 that we want and if you want to
10:43 configure the claim sharing and all you
10:45 can just go ahead and configure the
10:47 claim sharing by clicking the hyperlink
10:49 that has been given and you will get a
10:52 document how to do that. Okay. So has
10:55 given or you can say every of the IDP
10:56 has given their document sharing
11:01 document from where to
11:02 account matching with the IDP. how the
11:05 account will be matched with the IDP
11:08 like the side we have a precedent rule
11:11 like which we are giving a so from the
11:14 president attribute the account will be
11:19 in the IDP how we need to do it so
11:21 what we will select here you need to
11:23 pick from the list so here we will
11:27 select as a IDP user subject ID what
11:28 will be the subject name or username of
11:32 the particular ID that will be taken as
11:35 IDP user. Okay. After that filter, if
11:37 you want to apply some filter like this
11:39 particular user is been matching then
11:42 only it will be synced or it can be able
11:43 to create an SSO. Then you can give
11:48 this. We are going by default itself.
11:51 After that we have a matching against.
11:53 Matching is against is an Okta user
11:57 attribute which uh you can say match
11:59 against the IDP username to find the
12:01 existing user. If any user which has
12:03 already been present, we can just select
12:07 the particular uh user. So how you can
12:09 how Okta or Entra will search in the user
12:11 directory you can just select it with
12:13 the help of email the help of Okta
12:16 username or email whatever you need like
12:17 we are going with Okta username means
12:19 the Okta username what we have given
12:22 here if it is same in the Entra then it
12:24 will match both the users and it will
12:27 not create the previous user itself it
12:29 will directly link with the that
12:32 particular user again after that we have
12:34 account linking policy account linking
12:36 policy if you are going to take it to
12:39 automatic then automatically
12:42 it will link the incoming IDP user and
12:44 the existing users which has been
12:46 created in the out. Okay, as we have
12:48 discussed before how it will check, it
12:51 will check the username. Then after we
12:53 are saying okay, once the Okta has been
12:55 checked then what Okta needs to do? We
12:57 are saying it will it should be linked
12:59 automatically. If we have selected it,
13:01 it will link automatically. If you are
13:04 disabling it, it will you need to uh do
13:07 you want to manually link the user or if
13:09 you doesn't want to link those user then
13:12 you can untick it. Okay. After that we
13:15 have this filter option like you have
13:17 selected it uh that particular account
13:19 should be linked but you can filter out
13:22 it how if you want then the in this
13:24 group if any specific group you want to
13:27 select in this if the user is in this
13:30 group then then it should be linked or
13:32 you need to exclude some of the users
13:34 means apart from this user if the user
13:37 is in there then it should be or exclude
13:39 admins means for example if the admins
13:40 are there they should be excluded they
13:43 should automatically linked with those
13:46 but we are going with by default traffic
13:48 has been there based on your requirement
13:54 we can go ahead and bring this okay
13:57 here if no match found means we are the
13:59 Okta is asking if any of the match is
14:01 not found with this username what I need
14:03 to do so you have two options you can
14:05 ask him to create a new user with the
14:08 help of JIT so it will create a tree
14:10 user and it will ask you to check the
14:13 Okay. If it is if it is getting any
14:17 error then it will give you an log in.
14:19 Okay. Apart from that you can say them
14:22 to redirect to Okta page. So it will ask
14:25 you what are the details of the Okta. But
14:28 we are saying here go ahead and create a
14:32 new list. Okay. With the help of JIT. So
14:37 now if the user is not the username is
14:40 not represented after it will create a
14:43 new user and update the signal. Okay.
14:46 Now we have given the instruction to
14:48 create a new user. Now he's saying what
14:50 is the profile source. Now J is asking
14:53 what is the profile source. We will say
14:56 if if you have created a new user then
14:58 it is good. Otherwise update the
15:01 attribute of the existing user. If it is
15:03 a new user has been created, let's give
15:06 it. If it is the same uh the previous
15:08 user which is already named in the T,
15:10 then what need to do? Then it will say
15:13 to if you get a previous user or the
15:15 user which is already present, then go
15:18 ahead and update the new attribute which
15:22 we have selected over here. Okay, here
15:23 is the reactivation settings. For
15:25 example, a user has been in the
15:27 deactivated state in the time. So the
15:30 object will go ahead and reactivate it.
15:32 If the user is in the suspending list,
15:33 suspended list means in the deleted
15:36 state of the Okta, then we will suggest
15:38 Okta to go ahead.
15:41 Unsuspended means it give it to the
15:44 active user and it will work as it is.
15:46 So if you want like that you can just
15:50 take it and it will work as it is. Okay.
15:51 Any specific group assignment if you
15:54 need it then can go ahead and select a
15:56 specific group or a full for all the
15:59 groups. Okay. we will take it as a
16:01 defaulted server. Till now the settings
16:03 are the same which we doesn't need it
16:06 from anything from the ID. Now as this
16:08 is the SAML protocol settings so in both
16:10 the thing here the SAML certificate
16:13 settings and SAML
16:15 protocol. So here we needed the details
16:17 of the IDP.
16:20 IDP issuer URL that means which IDP you
16:22 are using
16:25 that issuer URI it is being it
16:27 identified issuer URI money means which
16:30 IDP is issuing the URL which IDP is
16:33 issuing the token to login towards the
16:36 so we are the Microsoft here we have
16:39 Microsoft identifier which is as a
16:42 issuer URL as Microsoft will issue the
16:45 token to lo
16:47 here we need to give the IDP issuer URL.
16:51 Okay, after it we have a single sign on
16:54 URL that is single sign on or log out
16:56 URL that we have discussed. Here is a
16:58 login URL that we have. So you need to
17:02 go ahead and paste here.
17:04 Then now we need the certificate that we
17:07 have IDP signature site. Anything if it
17:09 doesn't get here is a question mark. We
17:11 can just click on it and you can just
17:13 this black window will tell you all the
17:17 details of the particular option. Okay,
17:19 click on the browse file. We have that
17:21 we have downloaded
17:23 download section
17:26 and this is the opt certificate.
17:31 It is being for
17:35 195 days. It is not going to expire.
17:39 Okay, that is near to 3 years, 3 years
17:42 something like that. Okay, so it has
17:44 been done. you have approved the
17:47 certificate and all rest we need to keep
17:50 it as default as
17:52 okay I think if you want to change you
17:54 can go ahead and change the settings like
17:58 security algorithms and the verification
18:00 details destination if you want to give
18:02 any but these are not mandatory things
18:05 you can go ahead and choose it is your
18:07 needed we will go by default okay we'll
18:10 click on finish
18:13 once it has been done it will Ask for
18:15 the port and it's due to the security
18:26 then be able to if you are typing also
18:35 then it has been successfully the IDP
18:39 has been created as it is now as we
18:41 needed some details from the Okta and
18:44 also So that can verify yeah this is me
18:48 and you are going to connect with me. So
18:50 nothing much needed only these two URLs
18:53 has been needed from the Okta or the
18:55 second thing is you can ask to download
18:59 a metadata file download it will
19:02 download and you need to just go to your
19:04 site here you will get an option to
19:06 upload the metadata file or you can
19:10 manually edit the identifiers. Okay. But
19:12 for our convenience purpose, we will
19:30 now you can see
19:57 Okay. So you can see the two URLs that
20:01 we have discussed has been updated.
20:03 Apart from that rest all the things are
20:05 same nothing changes has been done. So
20:07 now this is the basic modifications that
20:12 we have done between Okta and
20:16 okay apart from that we can go ahead and
20:18 we can test it out right now itself get
20:20 some error but yeah should also be
20:23 there. So we will just go ahead and we
20:49 give an error as we
20:51 check the sample application.
20:55 Let us see the top left
20:58 that we needed right. So
21:03 now we will
21:05 go to this. Okay, here we have done all
21:08 the things why we are getting the error.
21:11 We will go and we will check it. Okay,
21:12 it is not completed yet. There is the
21:14 reason I do it. We need to go under
21:17 reports. We have system logs
21:19 all the details all the logs that we got
21:22 from the try and we will go here. Okay,
21:25 you can go ahead and you can see what is
21:28 the error we are getting from from where
21:34 it has been started. It is started from
21:37 granted access to appended
21:39 allow directory mappings provided access.
21:45 Okay, after that it is bringing that
21:47 user should
21:49 authenticated by IDP means it is came
21:52 from the IDP and itself
21:55 unknown profile attribute means the
21:57 attribute mapping that we have done
22:03 those are okay all you will be getting
22:05 total these kind of attributes over
22:08 there you need to map that attribute
22:11 then only those attribute will be mapped toward.
22:18 Okay. So now what we need to do, we need
22:29 notepad
22:32 and paste it. Okay. Then
22:38 the next thing you can just copy it and
22:39 paste it as you. Now the next thing
22:42 where we need to update it right. So we
22:45 need to go
22:47 save security options
22:50 to provide users
22:52 providers. We have this after 200
22:55 created and we have added profile mappings.
22:57 Okay.
23:01 Here we have all the mapping. So these
23:04 are the mapping that to update here.
23:09 We need to upload this custom.
23:10 First you need to go here. You need to
23:13 change some settings like it should be
23:16 app dot username. It should be app dot
23:19 first name. Not so it should be the
23:21 application what is happening in the
23:23 like we have created the user. So it
23:26 should be what application is. Okay.
23:30 After that we need to change it
23:32 one the main the main attributes that we
23:50 the
23:54 or we can say the email id should be the id.
23:56 Okay.
24:02 So we will save the mapping apply mapping.
24:07 Now again we need to go here
24:10 to Entra another part that we have we
24:12 need to
24:18 same mapping applied.
24:48 those attribute.
25:09 first name, last name, email,
25:38 I name
25:46 as it is as it was given in particular
25:52 first and the
25:55 other name that has been given. Okay,
25:58 like this you go ahead you can attribute
26:01 first name for attribute the same value
26:59 ID
29:21 So like this you need to provide all the
29:25 identifiers the names itself. Once these
29:29 all been set up, now we will go test
30:00 successfully that means
30:02 successfully. So like this you can just
30:05 configure your signal. The only thing
30:08 you need to take care of this text
30:13 and the value of the website and that
30:15 should be user
30:20 user and there are you can get you can
30:22 also for your requirement and other
30:25 things and see identity provider you can
30:27 just create multiple identity providers
30:30 that you have. So you can test and you can
30:34 play with those and based on that you
30:38 can draw into the itself. So it's like that.