Integrating Okta as a 3rd party IdP with Symantec MyVIP / VIP Manager access


Article ID: 151007


Products

VIP Service

Issue/Introduction

 This KB article provides steps to integrate Okta as a 3rd-party IdP with Symantec MyVIP (self-service) and VIP Manager.

Environment

VIP Integrations

Cause

VIP Manager, MyVIP, and the Self Service Portal are applications in the VIP Cloud and require access through an IdP. VIP Enterprise Gateway provides secure IdPs for access. Other SAML 2.0-compliant single sign-on IdPs, including Okta, can be used to extend that single sign-on functionality to VIP Services without having to configure an additional VIP Enterprise Gateway-provided IdP.

Resolution

Instructions for integrating Okta as a 3rd-party IdP for use with MyVIP login

Note: Additional instructions for adding VIP Manager and Self-Service portal access are in the third-party Identity Providers (IdPs) for VIP Services guide. 

1) Log into your Okta organization using your Administrator account.
2) Click the blue Admin button.
3) Click Add Application.
4) Click the green Create New App button.
5) Select Platform as Web, select Sign-on method as SAML 2.0, then click Create.
 
6) Click Create to continue.
7) Enter MyVIP as the app name.
8) Choose the appropriate level of app visibility for your organization.
9) Click Next to continue.
10) Enter the following values for the SAML Integration 
Single sign-on URL: https://login.vip.symantec.com/viplogin/saml2/SSO
Audience URI (SP Entity ID): login.vip.symantec.com/viplogin
Default Relay State: https://login.vip.symantec.com/viplogin/home/home?successUrl=<>?errorUrl=<>?cancelUrl=<> (note: enter your organization-specific success, error and cancel URLs)
11) Enter your organization's values for Name ID format, Application username, and Update application username on.
12) Optional: To enable OOB authentication, under ATTRIBUTE STATEMENTS, add a new attribute Email and map it to user.email.
13) Click the Download Okta Certificate button and download the certificate. 
 
14) Click Next to continue.
15) Choose I am an Okta customer adding an internal app, then click Finish.
16) The Sign On section of your newly created Example SAML Application application appears.
17) Click View Setup Instructions. This will display a value for the Identity Provider Issuer. Copy this value (ctrl+c). Leave these windows open for later steps. 
18) In a new tab or separate browser window, open VIP Manager, navigate to Accounts, then click the Single sign-on tab. 
19) Click Edit next to IDP Service Settings.
20) Paste the Identity Provider Issuer from step 17 into the Entity ID field. 
21) Click Choose File and upload the Okta certificate downloaded in step 13.
22) Click Submit.
23) Navigate back to the Okta tab. Click Assignments.
24) Assign the MyVIP app to your Organization’s users.
 

Testing the URL

1) Navigate to the Identity Provider Single Sign-On URL.
2) Enter the username and password of a user who has been assigned the MyVIP app. 
3) Upon successful first-factor authentication, the user will navigate to VIP Login for second-factor authentication.
4) Upon successful second-factor authentication, the user can configure their VIP Credential in the MyVIP application.
 

VIP MANAGER SSO

The Name ID value for VIP Manager access is EMAIL. A valid email address format is expected.
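
When the test login fails, the SAMLResponse that Okta posts can be compared with the values configured above. The following is an added example, not part of the original article or of Symantec or Okta tooling: it checks a base64-encoded response against the Single sign-on URL and Audience URI from step 10, the Identity Provider Issuer from step 17, the optional Email attribute from step 12, and the email-format Name ID expected for VIP Manager. The function names, the sample response, and the issuer value are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Step 10 value; assumed to also be the response Destination (Okta's default).
SSO_URL = "https://login.vip.symantec.com/viplogin/saml2/SSO"
AUDIENCE = "login.vip.symantec.com/viplogin"  # step 10
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_response(b64_response, expected_issuer, vip_manager=False, oob=False):
    """List mismatches between a SAMLResponse and the settings in this article.
    Configuration check only: the XML signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != SSO_URL:
        problems.append("Destination is not the Single sign-on URL")
    issuer = root.findtext("a:Assertion/a:Issuer", "", NS).strip()
    if issuer != expected_issuer:
        problems.append("Issuer differs from the Entity ID set in VIP Manager")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)}
    if AUDIENCE not in audiences:
        problems.append("Audience URI (SP Entity ID) not in the assertion")
    name_id = root.findtext("a:Assertion/a:Subject/a:NameID", "", NS).strip()
    if not name_id:
        problems.append("NameID missing")
    elif vip_manager and not EMAIL_RE.match(name_id):
        problems.append("NameID is not an email address (VIP Manager)")
    attrs = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    if oob and "Email" not in attrs:
        problems.append("Email attribute missing (step 12, OOB)")
    return problems

def sample_response(issuer, name_id, email_attr=True):
    """Constructed, unsigned sample; real responses come from a test login."""
    attr = '<a:Attribute Name="Email"/>' if email_attr else ""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{SSO_URL}">'
           f"<a:Assertion><a:Issuer>{issuer}</a:Issuer>"
           f"<a:Subject><a:NameID>{name_id}</a:NameID></a:Subject>"
           f"<a:Conditions><a:AudienceRestriction><a:Audience>{AUDIENCE}"
           f"</a:Audience></a:AudienceRestriction></a:Conditions>"
           f"<a:AttributeStatement>{attr}</a:AttributeStatement>"
           f"</a:Assertion></p:Response>")
    return base64.b64encode(xml.encode()).decode()

ISSUER = "http://www.okta.com/EXAMPLE"  # placeholder for the value copied in step 17
print(check_response(sample_response(ISSUER, "jdoe"), ISSUER, vip_manager=True))
```

A non-email Name ID such as the constructed `jdoe` passes for MyVIP but is reported when `vip_manager=True`.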