Use this procedure to configure a new application for SSO on the OKTA administration portal.
When configuring the application, you obtain an identity provider alias and configuration file. You will need this data later when configuring an OKTA SAML v2.0 identity provider on Keycloak.
Before you begin
Register an account on OKTA.
Install the OKTA Verify application. This application is required to log in to your account as an administrator. For information, see OKTA Verify.
Procedure
Log in to your OKTA account as an administrator.
Navigate to Application.
Click Add Application.
On the Add Application page, click Create New App.
OKTA displays the Create a New Application Integration window.
In the Create a New Application Integration window, do the following:
In Platform, select Web.
In Sign on method, select SAML 2.0.
Click Create.
On the General Settings tab, in App name, type a name of your choice for the application and then click Next.
On the Configure SAML tab, configure the following settings:
In Single sign on URL, enter https://<AADS FQDN>/auth/realms/SolutionRealm/broker/<IPD ALIAS>/endpoint.
In this string, <AADS FQDN> is the Avaya Aura® Device Services front-end FQDN. <IDP alias> is an identity provider alias of your choice. For example, oktaSAML.
Select the Use this for Recipient URL and Destination URL check box.
In Audience URI (SIP Entity ID), enter https://<AADS FQDN>/auth/realms/SolutionRealm/broker/<IPD ALIAS>/endpoint.
In this string, <AADS FQDN> is the Avaya Aura® Device Services front-end FQDN. <IDP alias> is an identity provider alias of your choice. For example, oktaSAML.
For other fields, keep default values.
Remember the identity provider alias that you used in the previous step.
You will use this alias later when creating an OKTA SAML v2.0 provider on Keycloak.
