Dash Enterprise Administration
4.3.1
Okta

This document applies to Dash Enterprise version 3.3+ and Okta Identity Cloud.

Last updated 2 years ago

Setup

Please note that these steps assume a Dash Enterprise domain of https://dash.example.com. Please substitute your Dash Enterprise domain as appropriate.

Adding to Okta

1- As an admin, log in to Okta and browse to the “Applications” page.

2- In the top-left, click the “Add Applications” button.

3- On the left-hand side, click the “Create New App” button.

4- Within the modal that appears, ensure that:

  • Platform is set to Web

  • Sign on Method is set to SAML 2.0

5- On the "General Settings" page, set the App name field to Dash Enterprise and click the "Next" button.

6- On the “SAML Settings” page, set the values as follows and click the “Next” button:

The trailing slash is required!

  • Use this for Recipient URL and Destination URL: Checked

  • Allow this app to request other SSO URLs: Unchecked

  • Default RelayState: Leave empty

  • Name ID format: “Unspecified”

  • Application username: Email prefix

  • Update application username on: Create and update

7- Optional: Group information can be passed to Dash Enterprise by configuring a group attribute statement within Okta. The name of the attribute must be set to groups, and the filter can be set as desired. For instance, to return all Okta groups of which a user is a member, the Matches regex filter can be used and set to .* as displayed below.

8- On the “Okta support” page, set the answer for the question Are you a customer or partner? to I’m an Okta customer adding an internal app. Leave all the other questions empty and click the “Finish” button.

Adding to Dash Enterprise

1- As an admin, log in to Okta and browse to the “Applications” page.

2- Click on the created “Dash Enterprise” app.

3- On the “Sign On” tab, copy the URL linked as “Identity Provider metadata”. This is necessary for configuring the IdP on Dash Enterprise.

4- Assign at least one user to your Dash Enterprise app (see the Assigning Users section below). If you do not, you’ll see an error message upon attempting login like:

6- Browse to the “Settings” page.

7- On the “Settings” page, scroll down to the “SAML 2 Authentication” section and turn on the Enable SAML 2 Authentication toggle.

8- Set the following options in this section (leave unspecified options as is):

  • Enter a URL to the IdP (remote) metadata: Selected

  • IdP (remote) Metadata URL: The URL previously copied from Okta

  • Use name_id from IdP as Plotly Username: Checked

  • Automatically generate local certificates and keys for SAML: Selected

  • Enable encryption when communicating with IdP: Checked

9- Scroll down and click “Save” and then restart Dash Enterprise.

Assigning Users

To enable users in Dash Enterprise, you may either assign groups of users or provision specific users.

Please note that provisioning users via Okta’s SAML2 service does not circumvent Dash Enterprise licensing limits. Please contact your sales representative to increase the number of Dash App Creators if necessary.

At this time, only admin users may create applications.

Admin Users

At this time, there is a limit of one (1) admin user.

  1. Browse to the “Settings” page.

  2. On the “Settings” page, scroll down to the “Administrator Credentials” section.

  3. Check the Create admin user toggle and enter the username of the user who should be an admin in the Admin Username box.

  4. Scroll down and click “Save” and then restart Dash Enterprise.

Single User Assignment

1- As an admin, log in to Okta and browse to the “Applications” page.

2- Click on the created “Dash Enterprise” app.

3- On the “Assignments” tab, click the “Assign” button dropdown, and click the “Assign to People” option.

4- In the “Assign Dash Enterprise to People” modal, search for the person you wish to add and click the “Assign” button next to their name.

5- Leave the username as their email prefix and click “Save and Go Back”.

6- Click the “Done” button.

Group Assignment

1- As an admin, log in to Okta and browse to the “Applications” page.

2- Click on the created “Dash Enterprise” app.

3- On the “Assignments” tab, click the “Assign” button dropdown, and click the “Assign to Groups” option.

4- In the “Assign Dash Enterprise to Group” modal, search for the group you wish to add and click the “Assign” button next to its name.

5- Click the “Done” button.

Enabling Single Logout (SLO)

1- As an admin, log in to Okta and browse to the “Applications” page.

2- Click on the created “Dash Enterprise” app.

3- In the General settings tab, on the SAML Settings panel, click Edit.

4- In the SAML configuration wizard, click Next to move to step 2 Configure SAML.

5- On the Configure SAML page, click Show Advanced Settings.

6- Select the check box to Allow application to initiate Single Logout.

9- Signature Certificate:

  • SSH into your instance

  • Copy the certificate from the dashauth container:

      sudo docker cp dashauth:/var/www/streambed/saml2/signing.crt signing.crt

  • Download the file from the instance:

      tsh scp username@instance_address:/home/username/signing.crt ~/local_directory/

  • Upload it to the site (important: ensure you don’t have any ad blockers enabled, as they tend to disable the “Upload Certificate” button)

10- Response: unsigned

11- Authentication context class: unspecified

12- Honor Force Authentication: No

13- Click Next, click Finish.

14- In Server Manager, under SAML, enable Signed AuthnRequests
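
An added example, not part of the Dash Enterprise documentation: a shell check to run on signing.crt before uploading it to Okta in step 9. It assumes openssl is installed; the function name check_saml_signing_cert and the 30-day default are choices made for this example.

```bash
#!/bin/sh
# Added example (not Plotly's code): sanity-check the SP signing certificate
# before it is uploaded to Okta as the Signature Certificate.
# Usage: check_saml_signing_cert FILE [MIN_DAYS_VALID]   (default 30 days)
check_saml_signing_cert() {
    cert="$1"
    min_days="${2:-30}"

    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }

    # Only the public certificate should leave the server. Refuse any file
    # that also carries a PEM private key block (RSA, EC, PKCS#8, encrypted).
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "REFUSE: $cert contains private key material" >&2
        return 3
    fi

    # The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "REFUSE: $cert is not a parseable X.509 certificate" >&2
        return 4
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "REFUSE: $cert expires within $min_days days" >&2
        return 5
    fi

    # Print the details to compare between the server copy and the local copy.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}
```

Run it once on the instance after the docker cp and again on the downloaded copy; the two SHA-256 fingerprints should be identical before the file is uploaded.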

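Values for the fields and steps referenced above:

  • Single sign-on URL (“SAML Settings” page, step 6 of Adding to Okta): https://dash.example.com/Auth/saml2/acs/

  • Audience URI (SP Entity ID) (“SAML Settings” page, step 6 of Adding to Okta): https://dash.example.com/Auth/saml2/metadata/

  • 5- Browse to your replicated admin at https://dash.example.com:8800 (step 5 of Adding to Dash Enterprise)

  • Browse to your replicated admin at https://dash.example.com:8800

  • 7- Single Logout URL: https://dash.example.com/Auth/saml2/ls/post/ (step 7 of Enabling Single Logout)

  • 8- SP Issuer: https://dash.example.com/Auth/saml2/metadata/ (step 8 of Enabling Single Logout)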