Configure Okta as an IdP in the Cloud Identity Engine (Custom)
Learn about configuring Okta as an IdP in CIE.
Palo Alto Networks strongly recommends that you integrate Okta as a gallery
application. However, if you want to configure the Okta integration as a custom
application, complete the following steps.
- Log in to the Okta Admin Console and select Applications > Applications.
- Click Create App Integration.
- Select SAML 2.0 as the sign-on method then click Next.
- Enter an App name then click Next.
- Copy the SP Metadata information from the Cloud Identity Engine and enter it in the Okta Admin Console as described in the following table:

  | Copy from Cloud Identity Engine | Enter in Okta Admin Console |
  | --- | --- |
  | Copy the Assertion Consumer Service URL in step 3. | Enter the URL as the Single sign on URL. |
  | Copy the Entity ID in step 3. | Enter it as the Audience URI (SP Entity ID). |

- Specify the Name ID format and optionally the Application username.

  You must configure at least one SAML attribute that contains identification information for the user (usually the username attribute) for the attributes to display in the Cloud Identity Engine. To configure administrator access, you must also enter values for the accessdomain attribute and for the adminrole attribute that match the values on the firewall.
- Click Finish to save the configuration.

Next Steps:
- Learn how to Associate the Cloud Identity Engine with Palo Alto Networks Apps to take advantage of more capabilities for the Cloud Identity Engine.
- If you have a PAN-OS firewall, find out how to Configure the Cloud Identity Engine as a Mapping Source on the Firewall or Panorama so you can use the Cloud Identity Engine in conjunction with the firewall to strengthen your security posture.
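
One way to sanity-check the values entered in the steps above, as an added example (not Palo Alto Networks or Okta code): it reads the Entity ID and Assertion Consumer Service URL from SP metadata, then checks a captured assertion for the matching audience and recipient and for the attributes the steps name. The metadata, assertion, URLs, attribute values and the attribute name `username` are constructed assumptions, and the script checks configuration only, not the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SP metadata and assertion; every URL and value is a placeholder.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/entity">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sp.example.test/entity</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="adminrole"><saml:AttributeValue>superuser</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def sp_values(metadata_xml):
    """Return (entity_id, acs_url): the two values copied into Okta."""
    root = ET.fromstring(metadata_xml)
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    return root.get("entityID"), acs.get("Location")

def check_assertion(assertion_xml, entity_id, acs_url, admin_access=False):
    """List configuration mismatches; this does NOT verify the signature."""
    a = ET.fromstring(assertion_xml)
    problems = []
    audiences = [e.text.strip() for e in a.iterfind(".//saml:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append("Audience URI (SP Entity ID) mismatch")
    recipients = [e.get("Recipient") for e in a.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Single sign on URL mismatch")
    # Only attributes that carry a non-empty value count as configured.
    attrs = {e.get("Name") for e in a.iterfind(".//saml:Attribute", NS)
             if any((v.text or "").strip() for v in e.iterfind("saml:AttributeValue", NS))}
    required = ["username"] + (["accessdomain", "adminrole"] if admin_access else [])
    problems += [f"missing attribute: {n}" for n in required if n not in attrs]
    return problems

if __name__ == "__main__":
    print(check_assertion(ASSERTION, *sp_values(SP_METADATA), admin_access=True))
```

With the constructed sample, the administrator-access check reports the missing accessdomain attribute, which is the kind of omission that otherwise only surfaces when an admin login fails.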