SSO using OKTA SAML in Anypoint Platform

 

In this tutorial we demonstrate how to implement SSO for MuleSoft Anypoint Platform using OKTA as an external SAML identity provider

To start, first create an account on OKTA

https://developer.okta.com/signup

 

Activate your account and log in to it

 

Now we have to create an app for accessing the OKTA server from Anypoint Platform

OKTA provides out-of-the-box functionality to set up a MuleSoft Anypoint Platform app. To use it:

Change to the classic view using the drop-down

 

Click on Add Application

 

Select MuleSoft

 

Click Add

 

Change the app name as needed and click Done

 

Assign the group

 

The group will be shown

 

Click on Sign On, then Edit, and enable Single Logout

 

This expects a signature certificate, which we can get from Anypoint Platform by following the steps below

Go to Anypoint Platform -> Identity Providers -> SAML 2.0

 

Download the IdP signing certificate

 

Save it to local disk

 

Upload the signing certificate in the OKTA MuleSoft app configuration


Click Upload to upload the certificate


Click on View Setup Instructions, then click Save


The setup instructions provide the details below, which we need for the Anypoint Platform setup

  • Sign On URL – https://dev-6078239.okta.com/app/anypointplatform/exkfww9tIP2jLqufT5d5/sso/saml
  • Sign Off URL – https://dev-6078239.okta.com
  • Issuer – http://www.okta.com/exkfww9tIP2jLqufT5d5
  • Public Key – the PEM certificate block (-----BEGIN CERTIFICATE----- … -----END CERTIFICATE-----) shown in the setup instructions
  • Audience – exkfww9tIP2jLqufT5d5.anypoint.mulesoft.com

Add these details in the Anypoint Platform identity provider configuration


Click on Create; Identity Providers -> External Provider will now show as enabled
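
The Issuer and Audience entered in Anypoint Platform have to agree with what OKTA places in the SAML assertion. The Python diagnostic below is an added example, not part of the original tutorial or of OKTA or MuleSoft tooling; it assumes you have the base64 `SAMLResponse` form value from your own test login (here replaced by a constructed, unsigned sample) and compares it with the Issuer and Audience values listed above.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the setup instructions above, as entered in Anypoint Platform.
EXPECTED_ISSUER = "http://www.okta.com/exkfww9tIP2jLqufT5d5"
EXPECTED_AUDIENCE = "exkfww9tIP2jLqufT5d5.anypoint.mulesoft.com"


def build_sample(issuer, audience):
    """Constructed, unsigned SAMLResponse used only to exercise the check."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        f"<saml:Assertion><saml:Issuer>{issuer}</saml:Issuer><saml:Conditions>"
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
        "</samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


def check_saml_response(b64_response, issuer=EXPECTED_ISSUER,
                        audience=EXPECTED_AUDIENCE):
    """Return a list of mismatches (empty when issuer and audience agree).

    Diagnostic only: no signature, time-window or replay checks are done.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext <Assertion> found (encrypted or error response)"]
    problems = []
    got_issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if got_issuer != issuer:
        problems.append(f"issuer {got_issuer!r} != configured {issuer!r}")
    path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    got_audiences = [(a.text or "").strip() for a in assertion.iterfind(path, NS)]
    if audience not in got_audiences:
        problems.append(f"audience {got_audiences!r} lacks configured {audience!r}")
    return problems


if __name__ == "__main__":
    bad = build_sample(EXPECTED_ISSUER.replace("http://", "https://"),
                       "anypoint.mulesoft.com")
    print(check_saml_response(build_sample(EXPECTED_ISSUER, EXPECTED_AUDIENCE)))
    print("\n".join(check_saml_response(bad)))
```

An empty list means the two values in the assertion match the configuration; each returned string names the field that differs and both values.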

 

Now let’s add a user to the OKTA group

Go to Users -> Add Person

 

We can see the new user is now assigned to the Everyone group


Now we will get the SSO sign-in URL used to log in to Anypoint Platform

Go to the MuleSoft app in OKTA -> General -> Embed Link


https://dev-6078239.okta.com/home/anypointplatform/0oafww9uYs5aLLh5U5d5/aln18o1v0nq1J7xPx1d8


This will redirect us to the OKTA login page


Provide the new user's username and credentials


We are now able to log in to Anypoint Platform

Thank you for taking the time to read this post. We hope you found it useful. If you have any questions, feel free to comment below. If there is a specific topic you would like to know about, we are happy to explore your recommendations as well.

For the latest updates and posts on our website, you can follow us on LinkedIn. We look forward to connecting with you there.


Ashutosh Kumar
3 years ago

Hi,
I’m facing one issue while accessing the anypoint login through OKTA using SAML 2.0 configuration.
Unauthorized: Unknown organization for SAML issuer and audience.

A quick response would really help a lot.
Thanks
