Backup integration with Okta
The Okta integration allows Patronum Backup (powered by Afi) users to connect their Okta company account to their backup account and set up Okta SSO. Patronum Backup supports both service provider-initiated and identity provider-initiated authentication flows, providing a seamless login experience for Okta users.
How to enable authentication with Okta
The following section explains how to integrate Patronum backup with your Okta account.
Step 1 - Install Afi application from Okta marketplace
As a first step, please log in to your Okta administrator account and install the Afi application from the Okta Integrations marketplace.
Create the application in your Okta directory with the suggested settings:
Step 2 - Setup authentication
Once the application is created, go to the Sign On tab and click the View SAML setup instructions button at the bottom of the page.
On the SAML setup instructions page you will find the following items that are required for further configuration:
Identity Provider Single Sign-On URL
Identity Provider Issuer
X.509 Certificate
Okta Company ID
Now you are ready to finish the Okta authentication configuration on the Patronum Backup side. Please go to the Service → Settings → Okta tab in the backup portal, fill in the provided fields and press Save.
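A pre-flight check for the four values copied from the SAML setup instructions page, run before pasting them into the portal. This is an added example, not Afi or Okta code: the field names (sso_url, issuer, certificate, company_id), the function names and the sample values are assumptions made for illustration, and the sample certificate body is a constructed placeholder rather than a real certificate.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text):
    """Return the colon-separated SHA-256 fingerprint of a PEM certificate."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("missing BEGIN/END CERTIFICATE armor")
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_okta_values(values):
    """Return a list of problems found in the values copied from Okta."""
    problems = []
    for field in ("sso_url", "issuer", "certificate", "company_id"):
        value = values.get(field, "")
        if not value.strip():
            problems.append(f"{field}: empty")
        elif field != "certificate" and value != value.strip():
            problems.append(f"{field}: leading/trailing whitespace")
    sso_url = values.get("sso_url", "").strip()
    if sso_url:
        url = urlsplit(sso_url)
        if url.scheme != "https" or not url.hostname:
            problems.append("sso_url: must be an absolute https:// URL")
    if values.get("certificate", "").strip():
        try:
            cert_fingerprint(values["certificate"])
        except ValueError as exc:
            problems.append(f"certificate: {exc}")
    return problems

# Constructed sample input (placeholder values, not taken from a real Okta org).
PLACEHOLDER = base64.b64encode(b"\x30\x82\x00\x04constructed").decode()
SAMPLE = {
    "sso_url": "https://example.okta.com/app/example/sso/saml",
    "issuer": "http://www.okta.com/EXAMPLE",
    "certificate": f"-----BEGIN CERTIFICATE-----\n{PLACEHOLDER}\n-----END CERTIFICATE-----",
    "company_id": "example-company",
}
```

The fingerprint returned by cert_fingerprint can be recorded at setup time and compared later to confirm that the certificate stored in the portal is still the one Okta issued.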
Step 3 - Add users to the application
You can assign users who should be able to access Afi through Okta via the application's Assignments tab:
Please note that the Okta integration maps Okta users to already existing Afi user accounts and doesn’t provision new Afi accounts. The Afi account model in turn relies on the connected Google Workspace and synchronizes its account list with it. Since this resource synchronisation happens once per 24 hours, in rare cases an Okta user may have just been created while there is no corresponding user account on the Afi side yet. If this happens, the Afi account administrator needs to manually trigger resource synchronisation by clicking the wheel icon in the top-right corner of the Service → Protection screen in the Backup panel.
Authentication modes
Afi supports both service provider-initiated and identity provider-initiated authentication flows.
Service provider-initiated authentication
The service provider-initiated flow starts on the custom Afi login screen for Okta (https://backup.patronum.io/login-okta), where a user is prompted to enter their Okta company ID and then proceeds with Okta authentication. Upon successful authentication, the user is redirected to the Patronum Backup panel.
Identity provider-initiated authentication
The identity provider-initiated flow starts from a user’s home page in Okta (My Applications). In this flow the user clicks the Afi application icon, and the Afi application then communicates with Okta to authenticate the user. This happens transparently and doesn’t require entering credentials, since the user is already authenticated with Okta. On success, the user is redirected to the Afi Backup panel.
Updated on: 26/09/2023