Configure SSO with Okta

This guide covers the configuration steps required to integrate NeoLoad Web with Okta. It's designed for collaboration between IdP administrators and NeoLoad Web administrators.

For general SSO concepts and additional configuration options, check out Single Sign-On.

Before you start

Make sure you meet the following prerequisites:

  • Administrative access to your Okta tenant (opens in new tab).

  • Administrative access to NeoLoad Web.

  • The NeoLoad Web domain URL where users will access the application.

  • Understanding of SAML 2.0 authentication concepts.

Configure Okta

To integrate NeoLoad Web with Okta, you add NeoLoad Web to Okta. For information on how to create applications in Okta, check out the Okta documentation (opens in new tab).

For NeoLoad Web, make sure you configure the following:

  • Single sign on URL: Set to https://<your-NLW-domain>/sso/saml.

  • Audience URI (SP Entity ID): Set to a unique identifier that you'll use in NeoLoad Web.

  • firstName attribute statement: Map to user.firstName.

  • lastName attribute statement: Map to user.lastName.

  • Assertion signing: Enable (required for NeoLoad Web compatibility).

Configure NeoLoad Web

After configuring Okta, set up the SSO configuration in NeoLoad Web:

  1. Sign in to NeoLoad Web as an administrator.

  2. Go to Settings > SSO and select Create.

  3. To upload the identity provider metadata, select IDP Metadata and paste the SAML metadata content that you obtained from Okta.

  4. Select Edit Configuration and set the SP Entity ID to match the audience URI you configured in Okta. Configure any required certificates and private keys for signing or encryption in PEM format.

  5. Choose Force authentication if you want users to authenticate each time they access NeoLoad Web.

  6. To validate the setup, select Test SAML request generation.

  7. Set the Activation status to Active. Double-check that the status indicator shows green, otherwise SSO won't function properly.

Troubleshoot common issues

If you encounter problems during setup or testing, verify the following things:

  • The Entity ID values match exactly between Okta and NeoLoad Web.

  • The single sign-on URL in Okta matches your NeoLoad Web domain.

  • The required user attributes (firstName and lastName) are properly mapped in the attribute statements.

  • Users are assigned to the application in Okta.

  • The SAML metadata you've pasted into NeoLoad Web is complete and accurate.

  • Assertion signing is enabled in Okta.