VMware UAG: Okta SAML integration - pt.2


When Active Directory is synced with Okta, you need to configure Okta SAML in your VMware UAG components to access the VDI infrastructure.

Both the Okta environment and the VMware UAG must be configured accordingly to take advantage of the SAML capability.

Blog series

VMware UAG: Okta SAML integration - configure Okta environment
VMware UAG: Okta SAML integration - configure SAML in Okta and UAG


Configure Okta SAML Application

From Okta Admin console, go to Applications > Applications area and click Create App Integration.

Okta SAML 1

Select SAML 2.0 option and click Next.

Okta SAML 2

Specify the App name and optionally upload the App logo. Click Next.

Okta SAML 3

In the SAML Settings enter the requested values:

  • Single sign on URL - https://<UAG-FQDN>/portal/samlsso
  • Use this for Recipient URL and Destination URL - make sure this option is enabled
  • Audience URI (SP Entity ID) - https://<UAG-FQDN>/portal

Click Next at the bottom.

Okta SAML 4

In the Feedback tab, the choice does not affect the SAML configuration. Select the I'm a software vendor. I'd like to integrate my app with Okta option to avoid further questions. Click Finish.

Okta SAML 5

You are automatically redirected to the Sign On tab. Click Copy to copy the URL used to download the Identity Provider metadata.

Okta SAML 6

Using your preferred browser, paste the copied URL and copy the metadata info displayed.

Okta SAML 7

Paste the metadata in an editor and save the file as .xml (okta.xml in the example).

Okta SAML 8


Assign Users to application

Go to Assignments tab and select Assign > Assign to Groups.

Okta SAML 9

Select the appropriate groups and click Assign.

Okta SAML 10

When the desired AD groups have been assigned, click Done.

Okta SAML 11

The assigned users and groups are listed.

Okta SAML 12

In the Applications tab, check that the newly created application is active.

Okta SAML 13


Configure SAML in the UAG

Log in to the UAG admin interface by entering the correct credentials. Click Login.

Okta SAML 14

Click Select under Configure Manually.

Okta SAML 15

Under Advanced Settings > Identity Bridging Settings click the gear icon next to Upload Identity Provider Metadata.

Okta SAML 16

In IDP Metadata field click Select and choose the Okta .xml file previously downloaded.

Okta SAML 17

Click Save.

Okta SAML 18

Now under General Settings, turn the Edge Service Settings on and click on the gear icon next to Horizon Settings.

Okta SAML 19

Click More at the bottom.

Okta SAML 20

Set Auth Methods as SAML and Passthrough. Select the appropriate Identity Provider from the drop-down menu (http://www.okta.com/xxxxxxx in the example) and click Save at the bottom.

Okta SAML 21


Test connection to VDI

Using your favorite browser, enter the public URL to access your Horizon infrastructure. You are automatically redirected to the Okta login page. Enter the Username and click Next.

Okta SAML 22

Enter the Password and click Verify.

Okta SAML 23


First connection to Okta

The first time the user connects with Okta after verifying the password, the user is prompted to enter the Secondary email. Enter the email address then click Finish.

Okta SAML 24

Applications that have been assigned to the user are displayed. Click the created VMware UAG application to access the VDI infrastructure.

Okta SAML 25

As an additional layer of security during the authentication process, you need to set up the preferred security method used for access. Select Okta Verify and click Set up to leverage token and push capabilities.

Okta SAML 26

Install the Okta Verify application on your mobile device and scan the QR code to configure your account.

Okta SAML 27

Once the security method has been configured, select the preferred option (Get a push notification in the example) to access.

Okta SAML 28

A push notification is sent to your mobile application.

Okta SAML 29

From Okta Verify application grant the access by selecting Yes, It's Me.

Okta SAML 30

If the authentication through Okta SAML completes successfully, you are signed in to your Horizon VDI infrastructure.

Okta SAML 31

The typical Horizon Client interface is displayed, showing the Desktop Pools and Applications the user is entitled to. Select the desired Desktop Pool to access the VDI.

Okta SAML 32

The VDI is now available and ready for the user.

Okta SAML 33

Okta SAML has been configured successfully and your users can now leverage MFA to securely access virtual desktops.
