How to Integrate SSO with Okta
November 29, 2024
Curious?
Reveal the Magic!
Please fill out the form to unlock your exclusive content!
Overview
QueryPie supports Okta integration, allowing you to synchronize users and groups from Okta to grant access and enforce policies. This integration provides a streamlined and convenient experience for your users while maintaining strict security policies. By integrating with Okta, QueryPie enhances the security, operational efficiency, and user experience of your databases and systems management ecosystem.
Setting Up Okta Integration and Synchronization in QueryPie
STEP 1 In QueryPie, go to Administrator > General > User Management > Authentication.
STEP 2 Enter the following information.
- Type: Okta
- Identity Provider Metadata: Access the URL specified in the Metadata URL in a separate tab, copy the displayed XML information, and paste it here.
STEP 3 If you want to set up automatic synchronization, check "Use Synchronization with the Authentication System" and enter the following details.
- API URL: Click your profile in the top right corner of the Okta admin page to find the URL in the format
{domain}.okta.com
. - API Token: Enter the Okta Admin API token.
- Application ID: Enter this only if you use more than one QueryPie App in Okta.
- Go to Okta Admin > Applications, and check the URL in the top bar, where the Application ID is displayed (as shown in the provided screenshot).
STEP 4 Configure the Scheduling option under the Replication Frequency field.
STEP 5 Click the Dry Run
button to verify that the integration details have been entered correctly, and then click Save Changes
to save.
STEP 6 Finally, click the Synchronize
button to sync users from Okta.
Preparation for Okta Integration
Before registering Okta in QueryPie, you must first register QueryPie in the Okta service.
(This step is required only once.)
STEP 1 Adding QueryPie as an Application in Okta.
- Log in to the Okta admin console using an administrator account.
- Go to Applications > Applications, click the
Browse App Catalog
button, and search for QueryPie. - On the QueryPie application page, click the
Add Integration
button. - Confirm that QueryPie is entered in the Application Label field, then click the
Done
button to add the application.
STEP 2 Setting Up a Profile Editor.
- Go to Directory > Profile Editor and click on QueryPie User from the list of profiles.
- In the Attributes settings, click the Add Attribute button and enter the following four items in order, then save:
- Display name : firstName / Variable name : firstName
- Display name : lastName / Variable name : lastName
- Display name : email / Variable name : email
- Display name : loginId / Variable name : loginId
- After confirming that the four attributes have been added, click the
Mappings
button. - Associate the Okta User Profile Attribute entries with the corresponding attributes in your QueryPie User Profile as follows:
- user.firstName ↔︎ firstName
- user.lastName ↔︎ lastName
- user.email ↔︎ email
- user.email ↔︎ loginId (Use Okta's email entry as the Login ID for QueryPie.)
- Click the
Save Mappings
button to save.
STEP 3 Assigning Users to QueryPie Applications.
- Go to the Applications > Applications menu and click on the QueryPie application.
- Go to the Assignments tab and click the
Assign
button to choose eitherAssign to People
orAssign to Group
. - Assign the users or groups you want to grant access to QueryPie using their Okta accounts, and then click the
Done
button.
- When assigning to People, verify the user information and click the
Save and Go Back
button. - When assigning to Group, leave the loginId field blank and click the
Save and Go Back
button.
STEP 4 Setting Up QueryPie Application Integration Information in Okta.
- Go to the Applications > Applications menu and then go to the Sign On tab.
- In the Settings area, click the
Edit
button, enter the domain address where QueryPie is installed in the Base URL field, and save it.