Configure SSO with Okta

This guide covers the configuration steps required to integrate NeoLoad Web with Okta. It's designed for collaboration between IdP administrators and NeoLoad Web administrators.

For general SSO concepts and additional configuration options, check out Single Sign-On.

Before you start

Make sure you meet the following prerequisites:

  • Administrative access to your Okta tenant.

  • Administrative access to NeoLoad Web.

  • The NeoLoad Web domain URL where users will access the application.

  • Understanding of SAML 2.0 authentication concepts.

Configure Okta

To integrate NeoLoad Web with Okta, add NeoLoad Web as a SAML application in Okta. For information on how to create applications in Okta, check out the Okta documentation.

For NeoLoad Web, configure the following:

  • Single sign on URL: Set to https://<your-NLW-domain>/sso/saml.

  • Audience URI (SP Entity ID): Set to a unique identifier that you'll use in NeoLoad Web.

  • firstName attribute statement: Map to user.firstName.

  • lastName attribute statement: Map to user.lastName.

  • Assertion signing: Enable (required for NeoLoad Web compatibility).

Configure NeoLoad Web

After configuring Okta, set up the SSO configuration in NeoLoad Web:

  1. Sign in to NeoLoad Web as an administrator and go to Settings > SSO configuration.

  2. In the Service provider configuration section, configure the following:

    • Service provider entity ID: Set to match the audience URI you configured in Okta.

    • Configure any required certificates and private keys for signing or encryption in PEM format.

    • Always require authentication: Enable if you want users to authenticate each time.

  3. Select Save, then select Edit IdP metadata and paste the SAML metadata content from Okta.

  4. Select Test SAML request generation to validate the setup.

  5. Turn on the Enable SSO toggle. Confirm that the status badge shows Active (green); otherwise, SSO won't function properly.

Configure auto-provisioning

After completing the SSO configuration, you can control whether new users are automatically created when they first authenticate through Okta.

  1. Select the Auto-provisioning tab.

  2. Toggle Enable auto-provisioning of SSO users:

    • Enabled: New Okta users are automatically provisioned when they authenticate.

    • Disabled: Only existing users can authenticate via SSO.

Troubleshoot common issues

If you encounter problems during setup or testing, verify the following:

  • The Entity ID values match exactly between Okta and NeoLoad Web.

  • The single sign-on URL in Okta matches your NeoLoad Web domain.

  • The required user attributes (firstName and lastName) are properly mapped in the attribute statements.

  • Users are assigned to the application in Okta.

  • The SAML metadata you've pasted into NeoLoad Web is complete and accurate.

  • Assertion signing is enabled in Okta.
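
The checks above can be run against a decoded SAML response captured from a test sign-in. The following is an added example, not NeoLoad Web or Okta code: the function name check_saml_response, the domain nlw.example.com and the entity ID neoload-web-sp are placeholders, and the sample response is constructed. It checks only that a signature element is present on the assertion; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (not a real Okta response); domain and entity ID are placeholders.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://nlw.example.com/sso/saml"><a:Assertion>
 <ds:Signature/>
 <a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
   Recipient="https://nlw.example.com/sso/saml"/></a:SubjectConfirmation></a:Subject>
 <a:Conditions><a:AudienceRestriction><a:Audience>neoload-web-sp</a:Audience>
 </a:AudienceRestriction></a:Conditions>
 <a:AttributeStatement>
  <a:Attribute Name="firstName"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
 </a:AttributeStatement></a:Assertion></p:Response>"""

def check_saml_response(xml_text, sp_entity_id, sso_url):
    """Return troubleshooting findings; an empty list means every structural check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found in the response"]
    # Audience must equal the Service provider entity ID exactly (case, trailing slash).
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    if sp_entity_id not in audiences:
        findings.append(f"audience mismatch: got {audiences}, SP expects {sp_entity_id!r}")
    # Destination and Recipient should both be the single sign-on URL set in Okta.
    targets = {root.get("Destination")}
    targets |= {e.get("Recipient") for e in assertion.iterfind(".//a:SubjectConfirmationData", NS)}
    targets.discard(None)
    if targets != {sso_url}:
        findings.append(f"SSO URL mismatch: got {sorted(targets)}, expected {sso_url!r}")
    # firstName and lastName attribute statements must be present and non-empty.
    attrs = {a.get("Name"): (a.findtext("a:AttributeValue", "", NS) or "").strip()
             for a in assertion.iterfind(".//a:Attribute", NS)}
    for name in ("firstName", "lastName"):
        if not attrs.get(name):
            findings.append(f"attribute {name!r} missing or empty")
    # Assertion signing: presence check only, NOT cryptographic verification.
    if assertion.find("ds:Signature", NS) is None:
        findings.append("assertion is not signed (no ds:Signature child of Assertion)")
    return findings
```

The input is the base64-decoded SAMLResponse form field posted to the single sign on URL. The constructed sample deliberately omits lastName, so the function reports that one finding for it.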