tencent cloud

피드백

Okta Single Sign-On

마지막 업데이트 시간:2024-01-23 17:46:25

    Overview

    Okta is a solution provider for identification and access management. Tencent Cloud supports identity federation with Security Assertion Markup Language 2.0 (SAML 2.0). SAML 2.0 is an open standard used by many identity providers (IdPs). SAML 2.0-based federation can be used to integrate Okta with Tencent Cloud. Then, federated single sign-on (SSO) can be implemented by using an Okta account, and admins can authorize users that have their federated identity authenticated to log in to the Tencent Cloud console for resource management, eliminating the need to create a CAM sub-user for each employee in the organization.

    Directions

    Creating an Okta application

    Note:
    This step creates an Okta application. If you are already using one, skip this operation go straight to configuring CAM.
    1. Log in to the Okta website, click your username, and select Your Org in the top-right corner as shown below:
    
    
    2. On the Okta homepage, click Admin in the top-right corner to enter
    the Admi
    n page.
    3. On the Admin page, select Applications to go to the application man
    agemen
    t page as shown below:
    
    
    4. On the application management page, click Add Application.
    5. On the Add Application page, click Create New App as shown below:
    
    
    6. In the Create a New Application Integration pop-up window, select the platform, set the sign-on method to SAML 2.0, and click Create as shown below:
    
    
    7. On the General Settings page, set App name, App logo (optional), and App visibility (optional) and click Next. This application can be used to integrate with Tencent Cloud to implement Okta SSO to the Tencent Cloud console for resource management.

    Configuring SAML for the Okta application

    Note:
    This step maps Okta application attributes to Tencent Cloud attributes to create trust between Okta and Tencent Cloud.
    If you followed the steps in Creating an Okta application to create your application, you can go straight to step 3.
    1. Go to the application management page, and click the name of the application you created.
    2. On the General page, click Edit in the SAML Settings section, confirm the current App name, App logo (optional), and App visibility (optional), and click Next to enter the Configure SAML page.
    3. In the Co
    nfig
    ure SAML page, add the following information to Single sign on URL and Audience URL(SP Entity ID) under GENERAL as shown below:
    
    You can configure it based on the site of your Tencent Cloud account:
    Site
    Single sign on URL
    Audience URL(SP Entity ID)
    Tencent Cloud International
    https://www.tencentcloud.com/login/saml
    www.tencentcloud.com
    4. In the Configure SAML page, add the following information to ATTRIBUTE STATEMENTS under GENERAL as shown below:
    
    
    Name
    Name format
    Value
    https://cloud.tencent.com/SAML/Attributes/Role
    Unspecified
    qcs::cam::uin/{AccountID}:roleName/{RoleName},qcs::cam::uin/{AccountID}:saml-provider/{ProviderName}
    https://cloud.tencent.com/SAML/Attributes/RoleSessionName
    Unspecified
    okta
    Note: Replace {AccountID}, {RoleName}, and {ProviderName} under Value with the following content:
    {AccountID}: Replace this with your Tencent Cloud account ID. You can view this in Account Information in the console.
    {RoleName}: Replace this with the role name you have created in Tencent Cloud for the IdP. For more information, see Creating Role. Role names can be viewed in Role in the console. If you need to add more, you can add them in this format: qcs::cam::uin/{AccountID}:roleName/{RoleName}. Separate them by semicolons.
    {ProviderName}: Replace this with the SAML IdP name that you created on Tencent Cloud. You can view this in IdPs in the console.
    5. Click Next to enter the Feedback page. Select the following information and click Finish to complete the CAM configuration as shown below:
    
    

    Configuring SAML integration for the Okta application

    Note:
    This step configures the trust relationship between Okta and Tencent Cloud.
    1. Log in to Admin page, and select Applications to go to the application management page.
    2. On the application management page, click the name of the application you created to enter the application details page. Click Sign On as shown below:
    
    
    3. On the Sign On page, click Identity Provider metadata to view the metadata of the IdP as shown below:
    
    
    4. After obtaining the identity provider metadata, you can right click on the viewing page to save it locally.
    5. Create the SAML identity provider and roles in Tencent Cloud. For more information, see Creating IdP.

    Configuring an Okta user

    Note:
    This step assigns Tencent Cloud SSO access permissions to Okta users.
    1. Log in to the Admin page and click Directory > People to enter the user management page as shown below:
    
    
    2. On the user management page, click Everyone in the top-left corner. Locate the target user as shown below:
    
    
    3. Click the username to enter the user details page. Click Assign Applications in the top-left corner as shown below:
    
    
    4. In the Assign Applications pop-up window, click Done to complete the configuration of the Okta user as shown below:
    
    
    5. Go to the application management page , and click the name of the application you created to enter the application details page..
    6. In the application details page, select General. Copy Embed Link under the App Embed Link box and log in to the Tencent Cloud console.
    문의하기

    고객의 업무에 전용 서비스를 제공해드립니다.

    기술 지원

    더 많은 도움이 필요하시면, 티켓을 통해 연락 바랍니다. 티켓 서비스는 연중무휴 24시간 제공됩니다.

    연중무휴 24시간 전화 지원