{"id":57796,"date":"2023-06-20T09:00:07","date_gmt":"2023-06-20T07:00:07","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=57796"},"modified":"2026-04-29T14:04:18","modified_gmt":"2026-04-29T12:04:18","slug":"vmware-uag-okta-saml-integration-pt-2","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/vmware-uag-okta-saml-integration-pt-2\/","title":{"rendered":"VMware UAG: Okta SAML integration - pt.2"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-57806 size-full\" title=\"vmware-uag-okta-saml-integration-configure-saml-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-01.jpg\" alt=\"vmware-uag-okta-saml-integration-configure-saml-01\" width=\"602\" height=\"202\" \/><\/p>\n<p>When Active Directory is synced with Okta, you need to configure Okta SAML in your <a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-dns-resolution-issue\/\">VMware UAG<\/a> components to access the VDI infrastructure.<\/p>\n<p>Both Okta environment and VMware UAG must be <strong>configured accordingly<\/strong> to take advantage of SAML capability.<!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Blog series<\/h2>\n<p><a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-okta-saml-integration-pt-1\/\">VMware UAG: Okta SAML integration - configure Okta environment<\/a><br \/>\nVMware UAG: Okta SAML integration - configure SAML in Okta and UAG<\/p>\n<p>&nbsp;<\/p>\n<h2>Configure Okta SAML Application<\/h2>\n<p>From <a href=\"https:\/\/www.okta.com\/\" target=\"_blank\" rel=\"noopener\">Okta Admin console<\/a>, go to <strong>Applications &gt; Applications<\/strong> area and click <strong>Create App Integration<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57808\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-02-600x366.jpg\" alt=\"\" width=\"600\" height=\"366\" 
title=\"\"><\/p>\n<p>Select <strong>SAML 2.0<\/strong> option and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57810\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-03-600x350.jpg\" alt=\"\" width=\"600\" height=\"350\" title=\"\"><\/p>\n<p>Specify the <strong>App name<\/strong> and optionally upload the <strong>App logo<\/strong>. Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57812\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-04-600x328.jpg\" alt=\"\" width=\"600\" height=\"328\" title=\"\"><\/p>\n<p>In the <strong>SAML Settings<\/strong> enter the requested values:<\/p>\n<ul>\n<li><strong>Single sign on URL<\/strong> - <em>https:\/\/&lt;UAG-FQDN&gt;\/portal\/samlsso<\/em><\/li>\n<li><strong>Use this for Recipient URL and Destination URL<\/strong> - make sure this option is enabled<\/li>\n<li><strong>Audience URI (SP Entity ID)<\/strong> - <em>https:\/\/&lt;UAG-FQDN&gt;\/portal<\/em><\/li>\n<\/ul>\n<p>Click <strong>Next<\/strong> at the bottom.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57814\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-05-600x469.jpg\" alt=\"\" width=\"600\" height=\"469\" title=\"\"><\/p>\n<p>In the <strong>Feedback<\/strong> tab, the choice <strong>doesn't affect SAML<\/strong> configuration. Select <strong>I'm a software vendor. I'd like to integrate my app with Okta<\/strong> option to avoid further questions. 
Click <strong>Finish<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57816\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-06-600x317.jpg\" alt=\"\" width=\"600\" height=\"317\" title=\"\"><\/p>\n<p>You are automatically redirected to the <strong>Sign On<\/strong> tab. Click <strong>Copy<\/strong> to copy the URL to download the <strong>Identity Provider metadata<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57818\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-07-600x582.jpg\" alt=\"\" width=\"600\" height=\"582\" title=\"\"><\/p>\n<p>Using your preferred browser, <strong>paste the copied URL<\/strong> and <strong>copy the metadata<\/strong> info displayed.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57820\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-08-600x246.jpg\" alt=\"\" width=\"600\" height=\"246\" title=\"\"><\/p>\n<p>Paste the metadata in an editor and <strong>save the file as .xml<\/strong>\u00a0(<em>okta.xml<\/em> in the example).<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57822\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-09-600x452.jpg\" alt=\"\" width=\"600\" height=\"452\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h4>Assign Users to application<\/h4>\n<p>Go to the <strong>Assignments<\/strong> tab and select <strong>Assign &gt; Assign to Groups<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57824\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-10-600x455.jpg\" alt=\"\" width=\"600\" height=\"455\" title=\"\"><\/p>\n<p>Select the appropriate groups and click 
<strong>Assign<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57826\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-11.jpg\" alt=\"\" width=\"560\" height=\"557\" title=\"\"><\/p>\n<p>When the desired AD groups have been assigned, click <strong>Done<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57828\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-12.jpg\" alt=\"\" width=\"560\" height=\"557\" title=\"\"><\/p>\n<p>The assigned Users\/Groups.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57830\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-13-600x306.jpg\" alt=\"\" width=\"600\" height=\"306\" title=\"\"><\/p>\n<p>Check in the <strong>Application<\/strong> tab if the just created application is active.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57832\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-14-600x296.jpg\" alt=\"\" width=\"600\" height=\"296\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h2>Configure SAML in the UAG<\/h2>\n<p>Login to UAG by entering the correct credentials. 
Click <strong>Login<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57834\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-15.jpg\" alt=\"\" width=\"450\" height=\"500\" title=\"\"><\/p>\n<p>Click <strong>Select<\/strong> in the <strong>Configure Manually<\/strong> side.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57836\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-16-600x395.jpg\" alt=\"\" width=\"600\" height=\"395\" title=\"\"><\/p>\n<p>Under <strong>Advanced Settings &gt; Identity Bridging Settings<\/strong> click the <strong>gear icon<\/strong> next to <strong>Upload Identity Provider Metadata<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57838\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-17-600x692.jpg\" alt=\"\" width=\"600\" height=\"692\" title=\"\"><\/p>\n<p>In <strong>IDP Metadata<\/strong> field click <strong>Select<\/strong> and choose the <strong>Okta .xml file<\/strong> previously downloaded.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57840\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-18-600x222.jpg\" alt=\"\" width=\"600\" height=\"222\" title=\"\"><\/p>\n<p>Click <strong>Save<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57842\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-19-600x223.jpg\" alt=\"\" width=\"600\" height=\"223\" title=\"\"><\/p>\n<p>Now under <strong>General Settings<\/strong>, turn the <strong>Edge Service Settings<\/strong> on and click on the <strong>gear icon<\/strong> next to <strong>Horizon Settings<\/strong>.<\/p>\n<p><img 
decoding=\"async\" class=\"aligncenter size-large wp-image-57844\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-20-600x458.jpg\" alt=\"\" width=\"600\" height=\"458\" title=\"\"><\/p>\n<p>Click <strong>More<\/strong> at the bottom.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57846\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-21-600x657.jpg\" alt=\"\" width=\"600\" height=\"657\" title=\"\"><\/p>\n<p>Set <strong>Auth Methods<\/strong> as <a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-configure-azure-mfa-saml\/\">SAML and Passthrough<\/a>. Select the appropriate <strong>Identity Provider<\/strong> from the drop-down menu (<em>http:\/\/www.okta.com\/xxxxxxx<\/em> in the example) and click <strong>Save<\/strong> at the bottom.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57848\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-22-600x730.jpg\" alt=\"\" width=\"600\" height=\"730\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h2>Test connection to VDI<\/h2>\n<p>Using your favorite browser, enter the <strong>public URL<\/strong> to access your Horizon infrastructure. 
You are automatically <strong>redirected to the Okta login page<\/strong>.\u00a0Enter the <strong>Username<\/strong> and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57850\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-23.jpg\" alt=\"\" width=\"574\" height=\"639\" title=\"\"><\/p>\n<p>Enter the <strong>Password<\/strong> and click <strong>Verify<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57852\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-24.jpg\" alt=\"\" width=\"461\" height=\"623\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h4>First connection to Okta<\/h4>\n<p>The first time the user connects with Okta after verifying the password, the user is prompted to enter the <strong>Secondary email<\/strong>. Enter the email address then click <strong>Finish<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57854\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-25.jpg\" alt=\"\" width=\"462\" height=\"562\" title=\"\"><\/p>\n<p>Applications that have been <strong>assigned to the user<\/strong> are displayed. Click the created <strong>VMware UAG application<\/strong> to access the VDI infrastructure.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57856\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-26-600x234.jpg\" alt=\"\" width=\"600\" height=\"234\" title=\"\"><\/p>\n<p>As an <strong>additional layer of security<\/strong> during the authentication process, you need to <strong>set up the preferred security method<\/strong> used to access. 
Select <strong>Okta Verify<\/strong> and click <strong>Set up<\/strong> to leverage token and push capabilities.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57858\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-27.jpg\" alt=\"\" width=\"452\" height=\"634\" title=\"\"><\/p>\n<p>Install the <strong>Okta Verify application<\/strong> on your mobile device and scan the QR code to configure your account.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57860\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-28.jpg\" alt=\"\" width=\"415\" height=\"697\" title=\"\"><\/p>\n<p>Once the security method has been configured, select the preferred option (<strong>Get a push notification<\/strong> in the example) to access.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57862\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-29.jpg\" alt=\"\" width=\"462\" height=\"689\" title=\"\"><\/p>\n<p>A push notification is sent to your mobile application.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57864\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-30.jpg\" alt=\"\" width=\"461\" height=\"545\" title=\"\"><\/p>\n<p>From the <strong>Okta Verify<\/strong> application, grant access by selecting <strong>Yes, It's Me<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-57866\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-31.jpg\" alt=\"\" width=\"419\" height=\"611\" title=\"\"><\/p>\n<p>If the authentication through Okta SAML completes successfully, you are signed in to your Horizon VDI infrastructure.<\/p>\n<p><img decoding=\"async\" 
class=\"aligncenter size-full wp-image-57868\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-32.jpg\" alt=\"\" width=\"439\" height=\"220\" title=\"\"><\/p>\n<p>The typical Horizon Client interface is displayed showing <strong>Desktop Pools and Applications<\/strong> the user is entitled to. Select the desired Desktop Pool to access the VDI.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57870\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-33-600x252.jpg\" alt=\"\" width=\"600\" height=\"252\" title=\"\"><\/p>\n<p>The VDI is now available and ready for the user.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-57872\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/06\/vmware-uag-okta-saml-integration-configure-saml-34-600x411.jpg\" alt=\"\" width=\"600\" height=\"411\" title=\"\"><\/p>\n<p>Okta SAML has been configured successfully and your users can now leverage <strong>MFA to securely access<\/strong> virtual desktops.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When Active Directory is synced with Okta, you need to configure Okta SAML in your VMware UAG components to access the VDI infrastructure. 
Both Okta environment and VMware UAG must be configured accordingly to take advantage of SAML capability.<\/p>\n","protected":false},"author":3,"featured_media":57806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[1025,2905],"tags":[668,2673,2448,2250],"class_list":["post-57796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-horizon-en","category-omnissa-en","tag-authentication-en","tag-okta","tag-saml","tag-uag","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/57796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=57796"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/57796\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/57806"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=57796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=57796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=57796"}],"curies":[{"name":"
wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}