Configure the Okta application

Configure settings in Okta to connect your Okta instance to Puppet Enterprise (PE).

Before you begin: Get URLs and the signing and encryption certificate required to connect Okta to PE.

Log in to the Okta Admin Console and navigate to Applications > Applications > Create App Integration.
The App Integration Wizard starts.
Select SAML 2.0 for the Sign-in method, and click Next.
On the General Settings tab:
1. Enter Puppet Enterprise for the App name.
2. Upload an App logo and select App visibility options.
3. Click Next.
On the Configure SAML tab:
1. Paste the SAML assertion consumer service (ACS) URL from PE in the Single sign on URL field.
2. Paste the SAML metadata URL from PE in the Audience URI (SP Entity ID) field.
3. Set the Default RelayState.
4. Select a Name ID format and Application username.
Click Advanced Settings, and specify parameters that you'll match to service provider configuration options in PE later.
1. Select options for Response, Assertion Signature, Signature Algorithm, Digest Algorithm, and Assertion Encryption.
2. Select Allow application to initiate Single Logout, and then paste the SAML Single Logout URL from PE in the Single Logout URL field.
3. Paste the SAML assertion consumer service (ACS) URL from PE in the SP Issuer field.
4. For the Signature Certificate, upload the file containing the Signing and Encryption Certificate from PE.
5. Configure the Assertion Inline Hook, Authentication context class, Honor Force Authentication, and SAML Issuer ID.
Take note of the Authentication context class setting. You'll need this value when you configure the Okta connection settings in PE.
Click Next, complete the feedback survey (if desired), and then click Finish.
Copy the URLs and download the certificate from the How to Configure SAML 2.0 for Puppet Enterprise Application page. You'll need this information to connect to Okta in the PE console.

What to do next Connect to Okta in the PE console