{"id":57690,"date":"2023-06-13T09:00:27","date_gmt":"2023-06-13T07:00:27","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=57690"},"modified":"2026-04-29T14:04:41","modified_gmt":"2026-04-29T12:04:41","slug":"vmware-uag-okta-saml-integration-pt-1","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/vmware-uag-okta-saml-integration-pt-1\/","title":{"rendered":"VMware UAG: Okta SAML integration - pt.1"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-57803 size-full\" title=\"vmware-uag-okta-saml-integration-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-01.jpg\" alt=\"vmware-uag-okta-saml-integration-01\" width=\"602\" height=\"202\" \/><\/p>\n<p>To <strong>provide MFA<\/strong> during the authentication process, Okta SAML can be integrated in <a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-two-factor-authentication-configuration\/\">VMware UAG<\/a> to increase the security level of your <a href=\"https:\/\/nolabnoparty.com\/en\/vmware-horizon-configure-smart-card-authentication\/\">Horizon VDI infrastructure<\/a>.<\/p>\n<p>SAML (Security Assertion Markup Language) is an <strong>XML-based standard<\/strong> for transferring identity data between two parties:<!--more--><\/p>\n<ul>\n<li>Identity provider (IdP) - Okta<\/li>\n<li>Service provider (SP) - UAG<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57698\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-02-600x320.jpg\" alt=\"\" width=\"600\" height=\"320\" title=\"\"><\/p>\n<p style=\"text-align: center;\">picture from vmware<\/p>\n<p>&nbsp;<\/p>\n<h2>Blog series<\/h2>\n<p>VMware UAG: Okta SAML integration - configure Okta environment<br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-okta-saml-integration-pt-2\/\">VMware UAG: Okta SAML integration - configure SAML in Okta and 
UAG<\/a><\/p>\n<p>&nbsp;<\/p>\n<h2>Set up Okta environment<\/h2>\n<p>To configure the Okta platform you need to log in to the Admin console first.<\/p>\n<p>Using your preferred browser, enter the URL <em><span style=\"color: #0000ff;\">https:\/\/okta.com<\/span><\/em> and click <strong>Login<\/strong>\u00a0to access the console. Enter your <strong>Username<\/strong> and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57710\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-03.jpg\" alt=\"\" width=\"402\" height=\"439\" title=\"\"><\/p>\n<p>Enter the correct <strong>Password<\/strong> and click <strong>Verify<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57712\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-04.jpg\" alt=\"\" width=\"402\" height=\"543\" title=\"\"><\/p>\n<p>Click <strong>Admin<\/strong> to begin the Okta environment configuration.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57714\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-05-600x208.jpg\" alt=\"\" width=\"600\" height=\"208\" title=\"\"><\/p>\n<p>The Okta dashboard.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57716\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-06-600x343.jpg\" alt=\"\" width=\"600\" height=\"343\" title=\"\"><\/p>\n<p>To leverage the MFA capability, Okta needs to be synced with Active Directory to authenticate Users during the login process to your VMware Horizon infrastructure.<\/p>\n<p>&nbsp;<\/p>\n<h4>Okta SAML Agent prerequisites<\/h4>\n<p>Before proceeding with the Okta configuration, you need to meet some prerequisites.<\/p>\n<p>To authenticate the users who need to access Horizon VDIs, you need to <strong>synchronize your Active 
Directory<\/strong> with Okta. This requirement is achieved by <strong>installing an Okta Agent<\/strong> on an on-prem server.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57720\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-07-600x210.jpg\" alt=\"\" width=\"600\" height=\"210\" title=\"\"><\/p>\n<p>The server used must meet the following prerequisites:<\/p>\n<ul>\n<li>The Windows Server can be virtual or physical.<\/li>\n<li>2 vCPUs and 8 GB RAM.<\/li>\n<li>The Okta Agent can be installed on Windows Server 2016\/2019\/2022.<\/li>\n<li>The server must be joined to the domain as a member. The host can be a member of any domain in the same forest.<\/li>\n<li><strong>.NET 4.6.2<\/strong> or later must be installed on the server.<\/li>\n<li>An Okta service account is required to install and run the agent.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h4>Download Okta Agent<\/h4>\n<p>From the Okta Admin console, go to the <strong>Directory &gt; Directory Integrations<\/strong> area and click <strong>Add Active Directory<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57722\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-08-600x320.jpg\" alt=\"\" width=\"600\" height=\"320\" title=\"\"><\/p>\n<p>Click <strong>Set Up Active Directory<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57724\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-09-600x795.jpg\" alt=\"\" width=\"600\" height=\"795\" title=\"\"><\/p>\n<p>Click <strong>Download Agent<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57726\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-10-600x246.jpg\" alt=\"\" width=\"600\" height=\"246\" title=\"\"><\/p>\n<p>Once the Agent has been downloaded, you need to 
install the Agent in your on-prem server to <strong>establish the connection<\/strong> to Okta portal using URL and account reported in the Admin console.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57728\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-11-600x339.jpg\" alt=\"\" width=\"600\" height=\"339\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h4>Create Active Directory Okta service account<\/h4>\n<p>Before proceeding with the Agent installation, you need to <strong>create the service account<\/strong> in your Active Directory (<em>okta.service<\/em> in the example) used to run the Agent service.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57730\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-12-600x395.jpg\" alt=\"\" width=\"600\" height=\"395\" title=\"\"><\/p>\n<p>Assign the following permissions:<\/p>\n<ul>\n<li>Add the Okta service account to the <strong>Pre-Windows 2000 Compatible Access<\/strong> group.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57732\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-13-600x474.jpg\" alt=\"\" width=\"600\" height=\"474\" title=\"\"><\/p>\n<ul>\n<li>Assign the <strong>Read all properties<\/strong> for the AD objects to sync.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57734\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-14-600x364.jpg\" alt=\"\" width=\"600\" height=\"364\" title=\"\"><\/p>\n<p>Make sure to include the Okta service account as <strong>member of the local Administrators<\/strong> group in the on-prem server.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57736\" 
src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-15-600x489.jpg\" alt=\"\" width=\"600\" height=\"489\" title=\"\"><\/p>\n<p>Login the on-prem server using the <strong>Okta service account<\/strong> and copy the Agent installer. Run the installer and click <strong>Next<\/strong> to begin the installation.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57738\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-16.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>Leave default <strong>Installation folder<\/strong> and click <strong>Install<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57740\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-17.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>A required component is installed in the server.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57742\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-18.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>Specify the correct <strong>Domain<\/strong> name and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57744\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-19.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>If you have already created the service account, select <strong>Use an alternate account that I specify<\/strong> option and enter both <strong>Username<\/strong> and <strong>Password<\/strong>. 
Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57746\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-20.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>If this message is displayed, make sure the service account is a member of the <strong>Pre-Windows 2000 Compatible Access<\/strong> AD group.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57748\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-21.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57750\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-22.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>In the <strong>Enter Organization URL<\/strong> field enter the URL as indicated in the <a href=\"https:\/\/okta.com\" target=\"_blank\" rel=\"noopener\">Okta portal<\/a> (<em>https:\/\/trial-9648815.okta.com<\/em> in the example). The URL can be customized when a valid license has been purchased. 
Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57752\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-23.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>Enter your <strong>Username<\/strong> and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57754\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-24-600x446.jpg\" alt=\"\" width=\"600\" height=\"446\" title=\"\"><\/p>\n<p>Enter the <strong>Password<\/strong> and click <strong>Verify<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57756\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-25-600x446.jpg\" alt=\"\" width=\"600\" height=\"446\" title=\"\"><\/p>\n<p>Click <strong>Allow Access<\/strong> to grant requested permissions.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57758\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-26-600x446.jpg\" alt=\"\" width=\"600\" height=\"446\" title=\"\"><\/p>\n<p>The Agent is being registered.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57760\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-27.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>Click <strong>Finish<\/strong> to close the installation wizard.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57763\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-28.jpg\" alt=\"\" width=\"499\" height=\"386\" title=\"\"><\/p>\n<p>Open the <strong>Okta AD Agent Management Utility<\/strong> and verify if the Agent is running.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter 
size-full wp-image-57765\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-29.jpg\" alt=\"\" width=\"336\" height=\"276\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h2>Configure AD in Okta portal<\/h2>\n<p>Move back to Okta portal. Once the Agent established the connection with Okta portal, click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57768\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-30.jpg\" alt=\"\" width=\"434\" height=\"195\" title=\"\"><\/p>\n<p>Select OUs to<strong> sync Users and Groups from<\/strong> and leave default <strong>Okta username format<\/strong>. Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57770\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-31-600x660.jpg\" alt=\"\" width=\"600\" height=\"660\" title=\"\"><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57772\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-32.jpg\" alt=\"\" width=\"434\" height=\"206\" title=\"\"><\/p>\n<p>Leave default attributes and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57774\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-33-600x382.jpg\" alt=\"\" width=\"600\" height=\"382\" title=\"\"><\/p>\n<p>The Agent setup is complete. 
Click <strong>Done<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57776\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-34-600x224.jpg\" alt=\"\" width=\"600\" height=\"224\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h2>Import Users and Groups in Okta<\/h2>\n<p>From <strong>Directory Integrations<\/strong> area, select the <strong>Import<\/strong> tab and click <strong>Import Now<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57779\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-35-600x338.jpg\" alt=\"\" width=\"600\" height=\"338\" title=\"\"><\/p>\n<p>Since this is the first import, select <strong>Full import<\/strong> and click <strong>Import<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57781\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-36.jpg\" alt=\"\" width=\"578\" height=\"557\" title=\"\"><\/p>\n<p>The system <strong>starts importing<\/strong> Users and Groups from the selected OUs.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57783\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-37.jpg\" alt=\"\" width=\"281\" height=\"158\" title=\"\"><\/p>\n<p>After a few seconds, Users and Groups have been imported in Okta. 
Click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57785\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-38.jpg\" alt=\"\" width=\"281\" height=\"374\" title=\"\"><\/p>\n<p>Now select the <strong>users to assign to Okta<\/strong> and click <strong>Confirm Assignments<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57787\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-39-600x420.jpg\" alt=\"\" width=\"600\" height=\"420\" title=\"\"><\/p>\n<p>Enable the <strong>Auto-Activate users after confirmation<\/strong> checkbox and click <strong>Confirm<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57789\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-40.jpg\" alt=\"\" width=\"542\" height=\"361\" title=\"\"><\/p>\n<p>The selected Users have been <strong>assigned and confirmed<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57791\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-41-600x219.jpg\" alt=\"\" width=\"600\" height=\"219\" title=\"\"><\/p>\n<p>The Directory integration setup is now complete and Okta can synchronize the configured OUs.<\/p>\n<p><a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-okta-saml-integration-pt-2\/\">Part 2<\/a> will cover the <strong>SAML configuration<\/strong> in Okta and UAG with a connection test to verify that everything works as expected.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To provide MFA during the authentication process, Okta SAML can be integrated in VMware UAG to increase the security level of your Horizon VDI 
infrastructure. SAML (Security Assertion Markup Language) is an XML-based standard for transferring identity data between two parties:<\/p>\n","protected":false},"author":3,"featured_media":57803,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[1025,2905],"tags":[668,2673,2448,2250],"class_list":["post-57690","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-horizon-en","category-omnissa-en","tag-authentication-en","tag-okta","tag-saml","tag-uag","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/57690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=57690"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/57690\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/57803"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=57690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=57690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post
=57690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}