Product
Okta Identity Engine, Symantec SiteMinder
Objective
This document explains how to migrate the Identity Provider (IdP) configuration from Symantec SiteMinder to Okta CIAM.
Details
Use Case
A company's external customers often need access to internal applications that are protected by SiteMinder. In this case, SiteMinder acts as the Service Provider (SP), the external customer functions as the Identity Provider (IdP), and a Federation partnership is configured in SiteMinder.
The SiteMinder solution needs to move to the Okta CIAM solution. The configuration steps in Okta are described below.
Configuration
In this process, an Identity Provider is created in the CIAM tenant for the external customer.
The goal of this migration is to ensure that authentication requests from external customers are redirected to Okta.
- Log in to Okta
Open the following link in a web browser and log in to the Okta tenant.
https://<company’s org>.okta.com
- Go to Identity Providers
Go to Security.
Click on Identity Providers.
Click on Add Identity Provider.
- Create a SAML 2.0 Identity Provider
Select SAML 2.0 IdP.
Click Next to add the details.
Note the following options when creating the IdP:
IdP Username
Set the value as:
idpuser.subjectNameId
JIT Provisioning
Configure JIT as needed.
If No User Match is Found
Select Redirect to Okta sign-in page.
IdP Issuer URI
Use the Remote Entity ID from the SiteMinder partnership, or the external customer team can provide an appropriate one if a new integration has been created.
IdP Single Sign-On URL
Use the SSO Service URL from the SiteMinder partnership, or the external customer team can provide an appropriate one if a new integration has been created.
IdP Signature Certificate
The certificate is exported from SiteMinder and imported into Okta.
Reference
Add a SAML 2.0 IdP | Okta Identity Engine
Author
Harish Upadhyay