SAML with Okta
Based on your application type, refer to the appropriate section for SAML with Okta configuration:
Once SAML configuration is ready, you can add user groups to erwin Mart Portal.
Before you configure SAML with Okta, ensure that you have responded to the questionnaire from your Quest Support representative so that they can provide you with the Application Callback URL for your erwin Mart Portal instance. If you did not receive the questionnaire, reach out to your Quest Support representative.
To configure SAML with Okta for erwin Mart Portal on-cloud authentication, follow these steps:
1. Log in to the Okta environment.
2. Click Applications > Applications > Create application.
3. Enter a Name for your application.
4. Under application type, select Regular Web Applications.
5. Click Create.
6. Click Addons > SAML2 Web App.
7. Click Settings.
8. Uncomment lines 4, 6, 11, and 12.
9. On the Addon: SAML2 Web App screen, enter the URL provided by Quest Support in the Application Callback URL field.
10. Scroll down and click Enable. Then, click Save.
11. On the menu, click User Management > Users > Create Users.
12. Enter appropriate values in the required fields and click Create.
13. On the menu, click User Management > Users > Roles > Create Roles.
14. Enter appropriate values in the required fields and click Create. Then, click Save.
15. On the Roles page, click [icon]. Then, click Assign To Users.
16. Under Select users, select the required user and click Assign.
17. On the Users page, click a user.
18. On the Details tab, scroll to the Metadata section.
19. Under app_metadata, add the following and click Save.
    "groups": ["QA",
    "Modeler"
    ]
20. On the menu, click Applications > Applications and open your application.
21. Scroll down to the Advanced Settings section.
22. Click Endpoints and scroll to the SAML section.
23. Copy the SAML Metadata URL.
24. Go to your Okta Auth0 environment. Open your application, and then click Addons.
25. Click SAML2 Web App > Settings.
26. Copy the email and groups values.
    Similarly, you can add a display name here.
27. Share the following details with the Mart Cloud Support team:
    - Metadata XML URL: The URL copied in step 23.
    - Group Attribute Name: The value configured in step 26.
    - User Email Attribute Name: The value configured in step 26.
    - User Display Name Attribute Name: The value configured in step 26.
Once the support team authenticates erwin Mart Portal for you, you can move to adding groups in erwin Mart Portal at https://<your_instance>.myerwin.com/MartPortal.
To configure SAML with Okta for erwin Mart Portal on-premises authentication, follow these steps:
1. Log in to the Okta environment.
2. Click Applications > Applications > Create application.
3. Enter a Name for your application.
4. Under application type, select Regular Web Applications.
5. Click Create.
6. Click Addons > SAML2 Web App.
7. Click Settings.
8. Uncomment lines 4, 6, 11, and 12.
9. In erwin Mart Portal, download the SP Metadata file (Configuration > Authentication > Download SP Metadata), open it in any text editor, and copy the URL in the last line, as highlighted in the following image.
10. On the Addon: SAML2 Web App screen, paste the copied URL in the Application Callback URL field.
11. Scroll down and click Enable. Then, click Save.
12. On the menu, click User Management > Users > Create Users.
13. Enter appropriate values in the required fields and click Create.
14. On the menu, click User Management > Users > Roles > Create Roles.
15. Enter appropriate values in the required fields and click Create. Then, click Save.
16. On the Roles page, click [icon]. Then, click Assign To Users.
17. Under Select users, select the required user and click Assign.
18. On the Users page, click a user.
19. On the Details tab, scroll to the Metadata section.
20. Under app_metadata, add the following and click Save.
    "groups": ["QA",
    "Modeler"
    ]
21. On the menu, click Applications > Applications and open your application.
22. Scroll down to the Advanced Settings section.
23. Click Endpoints and scroll to the SAML section.
24. Copy the SAML Metadata URL.
25. Go to your Okta Auth0 environment. Open your application, and then click Addons.
26. Click SAML2 Web App > Settings.
27. Copy the email and groups values.
    Similarly, you can add a display name here.
28. For Mart Portal on-premises, on the erwin Mart Portal Configuration screen, click the Authentication tab, and then follow these steps:
    a. In the Metadata XML field, paste the SAML Metadata URL copied in step 24.
    b. In the Group Attribute Name, User Email Attribute Name, and User Display Name Attribute Name fields, enter the values that are configured in step 27.
       The User Email Attribute Name and User Display Name Attribute Name fields are optional.
    c. Click Configure.
Your erwin Mart Portal is now authenticated via Okta.
Adding Groups in erwin Mart Portal
To add your Okta SAML groups to erwin Mart Portal, follow these steps:
1. Create a CSV file containing the <group_attribute_value> and <group_display_name>.
   You can also use the sample template for groups and replace the sample values with the actual Group Attribute Name and Group Display Name.
2. Log in to the erwin Mart Portal as an administrator.
3. Go to Application Menu > Users.
   The Users page appears.
4. Click Add User.
   The Add User page appears.
5. Under User Type, select SAML Group.
6. Drag and drop the CSV file that you created in step 1.
7. Under Group name, select the required group.
8. In the Email Address field, enter your email address.
9. Click Save.
The group has been added.
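Before uploading the groups CSV, it helps to confirm that the group values the identity provider sends match the CSV exactly. The script below is an added example, not part of the erwin or Okta documentation: it reads the AttributeStatement of a decoded SAML assertion and compares its group values with the first CSV column. The attribute names, the sample assertion, the header-less two-column CSV layout, and the exact-match comparison are assumptions; the script checks attribute names and values only and does not verify the assertion signature.

```python
import csv
import io
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed attribute names; replace with the values copied from the SAML2 Web App settings.
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"
EMAIL_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample: a decoded assertion carrying the groups set in app_metadata.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_ATTR}">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{GROUP_ATTR}">
      <saml:AttributeValue>QA</saml:AttributeValue>
      <saml:AttributeValue>Modeler</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed CSV: <group_attribute_value>,<group_display_name>, no header row (assumed).
# "modeler" is deliberately lower-case to show a mismatch with the IdP value "Modeler".
SAMPLE_CSV = "QA,Quality Assurance\nmodeler,Data Modelers\n"


def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_group_mapping(xml_text, csv_text, group_attr, email_attr=None):
    """Compare the groups the IdP sends with the group values listed in the CSV."""
    attrs = assertion_attributes(xml_text)
    csv_groups = {row[0].strip() for row in csv.reader(io.StringIO(csv_text)) if row}
    sent = attrs.get(group_attr, [])
    return {
        "group_attr_present": group_attr in attrs,
        "email_attr_present": (email_attr in attrs) if email_attr else None,
        "unmapped": sorted(g for g in sent if g not in csv_groups),  # sent by IdP, not in CSV
        "unused": sorted(csv_groups - set(sent)),                    # in CSV, never sent
    }
```

A non-empty "unmapped" list means the user arrives with a group the portal has no entry for; a missing group attribute usually means the Group Attribute Name does not match the mapping configured in the SAML2 Web App settings.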