Skip to content
Datawiza DocsDatawiza Docs
Ask Questionsopen in new window
Homeopen in new window
Sign Upopen in new window
  • Overview
    • Architecture
      • Prerequisites
        • Upgrading
            • Secure a Web App Using Auth0
              • Secure a Web App Using Azure AD
                • Secure a Web App Using Azure AD B2C
                  • One Click Integration With Azure AD
                    • Secure a Web App Using Azure AD SAML
                      • Secure a Web App Using Cognito
                        • Secure a Web App Using Github
                          • Secure a Web App Using Google
                            • Secure a Web App Using Google Workspace (previously G Suite)
                              • Secure a Web App Using Keycloak
                                • Secure a Web App Using Okta
                                  • Secure a Web App Using Okta SAML
                                    • Preview
                                      • Part I: Okta SAML Configuration
                                        • Part II: Create Application on Datawiza Cloud Management Console (DCMC)
                                          • Part III: Run DAP With a Header-Based Application
                                            • Part IV: Pass User Attributes to the Header-Based App
                                              • Part V: Achieve Granular Access Control
                                              • Secure a Web App Using PingOne
                                                • Secure a Web App Using Twitter
                                                  • Deploy Datawiza Access Proxy with a Web App using Kubernetes
                                                    • Deploy Datawiza Access Proxy using Helm
                                                      • Secure Multiple Web Apps Using Different IdPs
                                                        • Secure a Web App Using Multiple IdPs
                                                          • Enable B2B Single Sign-On (SSO) for a SaaS Application
                                                          • FAQ

                                                            Secure a Web App Using Okta SAML

                                                            timer iconAbout 2 min

                                                            On This Page
                                                            • Preview
                                                            • Part I: Okta SAML Configuration
                                                            • Part II: Create Application on Datawiza Cloud Management Console (DCMC)
                                                            • Part III: Run DAP With a Header-Based Application
                                                            • Part IV: Pass User Attributes to the Header-Based App
                                                            • Part V: Achieve Granular Access Control

                                                            # Enable SSO and Granular Access Control For A Header-Based Web App with Okta SAML

                                                            # Preview

                                                            In this tutorial, we will use the Datawiza Access Proxy (DAP) to enable SSO and granular access control for a header-based web App. The IdP we will use is Okta SAML. We will use DAP's sidecar deployment mode, which means DAP and this app are running on the same server.

                                                            • The application will run on localhost:3001.
                                                            • The DAP will run on localhost:9772, which means the traffic to the app will reach DAP (running on port 9772) first and then be proxied to the application (running on port 3001).
                                                            • We will provide the docker images for the DAP and this header-based application.

                                                            # Part I: Okta SAML Configuration

                                                            You will need to register a SAML application on Okta developer console and get the following value for this application:

                                                            • Metadata Url

                                                            This value will later be used to set up Datawiza Access Proxy in Datawiza Cloud Management Console. Please follow IdP Configuration Guide: Okta SAML instructions on how to get this key/value.

                                                            # Part II: Create Application on Datawiza Cloud Management Console (DCMC)

                                                            You need to create an application and generate a keypair of (PROVISIONING_KEY, PROVISIONING_SECRET) for this app on the DCMC.

                                                            Please follow Step2 : Datawiza Cloud Management Console to configure.

                                                            # Part III: Run DAP With a Header-Based Application

                                                            You can use either Docker or Kubernetes to run DAP. The following is an example docker-compose.yml file. You may need to login to our container registry to download the images of DAP and the header-based app. See Step3 : Configure DAP and SSO Integration for more details or Deploy DAP with Kubernetes for Kubernetes-specific instructions.

                                                            version: '3'
                                                            
                                                            services:
                                                              datawiza-access-proxy:
                                                                image: registry.gitlab.com/datawiza/access-proxy
                                                                container_name: datawiza-access-proxy
                                                                restart: always
                                                                ports:
                                                                  - "9772:9772"
                                                                environment:
                                                                  PROVISIONING_KEY: #############################
                                                                  PROVISIONING_SECRET: #############################
                                                            
                                                              header-based-app:
                                                                image: registry.gitlab.com/datawiza/header-based-app
                                                                container_name: ab-demo-header-app
                                                                restart: always
                                                                ports:
                                                                  - "3001:3001"
                                                            
                                                            1
                                                            2
                                                            3
                                                            4
                                                            5
                                                            6
                                                            7
                                                            8
                                                            9
                                                            10
                                                            11
                                                            12
                                                            13
                                                            14
                                                            15
                                                            16
                                                            17
                                                            18
                                                            19

                                                            After executing docker-compose -f docker-compose.yml up, the header-based app should have SSO enabled with Okta SAML. Open a browser and type in http://localhost:9772/. You should see the Okta SAML login page as follows. Note that if you are already logged into Okta in your browser, you may need to logout to see the login page. DAP with Okta SAML

                                                            # Part IV: Pass User Attributes to the Header-Based App

                                                            DAP gets user attributes from IdP and can pass the user attributes to the application via header or cookie.

                                                            Please follow the instructions of Step4 : Pass User Attributes to pass the user attributes to the header-based app, which is expecting:

                                                            • email
                                                            • firstname
                                                            • lastname
                                                            • groups

                                                            After successfully configuring the user attributes, you should see the green check sign for each of the user attributes as follows. Okta with DCMC attributes

                                                            # Part V: Achieve Granular Access Control

                                                            You can configure access control to an application based on user's attributes (e.g., groups, department) and other metadata of a request (e.g., URL, IP, http method, access time).

                                                            Please reference Step5 : Achieve Granular Access Control for detailed instructions on how to set up access rules. You can practice the rule configuration using the following example.

                                                            Prev
                                                            Secure a Web App Using Okta
                                                            Next
                                                            Secure a Web App Using PingOne
                                                            You can also reach us on Discord
                                                            Copyright © 2022 Datawiza Technologies Inc