5th January, 2021
Unlike many other applications, Okta doesn’t have a ready-made SAML integration for Akamai for SSO, and getting it to work requires another step in Okta’s API.
Allow us to save you a few hours with this step-by-step guide. You’re welcome!
These are the steps needed in Okta’s UI:
1. Create a new SAML 2.0 app in Okta
2. Give it a name and a logo and continue to Configure SAML
3. Fill the following:
Continue, provide Okta feedback (optional), and click Finish. We’re ready to move on to the fun part.
Steps needed in Okta’s APIs:
Okta’s certificates are valid for 10 years by default. Akamai doesn’t trust certificates whose expiry date is over 5 years. Something needs to be done! This tutorial uses Postman, so if you want to follow it, download and install Postman and Okta’s Apps Postman collection: https://app.getpostman.com/run-collection/4857222012c11cf5e8cd
I’ll also provide quick and dirty curl commands:
# Generate a new signing key credential for the app, valid for 5 years.
# The response contains the new key's kid, which the update call needs.
curl -X POST \
  'https://{{oktaDomain}}/api/v1/apps/{{appId}}/credentials/keys/generate?validityYears=5' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: SSWS {{APIKEY}}'
# Fetch the app to read its current name and label.
curl -X GET \
  'https://{{oktatenant}}/api/v1/apps/{{appId}}' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: SSWS {{API token}}' \
  --compressed
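# Update the app so it signs with the new key.
# Replace the placeholders with the name and label from the GET call
# and the kid from the generate call.
curl -v -X PUT \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${api_token}" \
  -d '{
    "name": "{{appname}}",
    "label": "{{label}}",
    "signOnMode": "SAML_2_0",
    "credentials": {
      "signing": {
        "kid": "${kid}"
      }
    }
  }' "https://${yourOktaDomain}/api/v1/apps/${aid}"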
Done! By default SSO is enabled but not enforced, so on sign in you can decide how you want to log in. You can force SSO if you want to.
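A pre-flight check for the update call above, as an added example that is not part of the original post: it confirms that the generated key's lifetime fits the 5-year limit before building the PUT body. The sample objects and their values are constructed, and measuring the limit from the key's created timestamp to its expiresAt timestamp is an assumption.

```python
import json
from datetime import datetime

MAX_YEARS = 5  # lifetime limit the article gives for Akamai

# Constructed sample objects (not real tenant data). Field names follow
# Okta's key credential and application objects.
NEW_KEY = {"kid": "EXAMPLE_NEW_KID", "created": "2021-01-05T10:00:00.000Z",
           "expiresAt": "2026-01-05T09:59:59.000Z"}
DEFAULT_KEY = {"kid": "EXAMPLE_OLD_KID", "created": "2021-01-05T10:00:00.000Z",
               "expiresAt": "2031-01-05T09:59:59.000Z"}
APP = {"id": "EXAMPLE_APP_ID", "name": "example_saml_app", "label": "Akamai",
       "signOnMode": "SAML_2_0",
       "credentials": {"signing": {"kid": "EXAMPLE_OLD_KID"}}}


def parse_ts(value):
    """Parse a UTC timestamp of the form 2021-01-05T10:00:00.000Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def within_limit(key, max_years=MAX_YEARS):
    """True if the key expires no later than max_years after creation."""
    created, expires = parse_ts(key["created"]), parse_ts(key["expiresAt"])
    try:
        limit = created.replace(year=created.year + max_years)
    except ValueError:  # created on 29 Feb, target year is not a leap year
        limit = created.replace(year=created.year + max_years, day=28)
    return expires <= limit


def build_update_body(app, key):
    """Return the PUT body that switches the app to the given signing key."""
    if app.get("signOnMode") != "SAML_2_0":
        raise ValueError("app is not a SAML 2.0 app")
    if not within_limit(key):
        raise ValueError("key %s is valid for more than %d years"
                         % (key["kid"], MAX_YEARS))
    return {"name": app["name"], "label": app["label"],
            "signOnMode": app["signOnMode"],
            "credentials": {"signing": {"kid": key["kid"]}}}


if __name__ == "__main__":
    print("10-year default key accepted:", within_limit(DEFAULT_KEY))
    print(json.dumps(build_update_body(APP, NEW_KEY), indent=2))
```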