How to configure Single Sign On (SSO) for an Illumina Enterprise domain using Okta
Last updated
Last updated
© 2023 Illumina, Inc. All rights reserved. All trademarks are the property of Illumina, Inc. or their respective owners. Trademark information: illumina.com/company/legal.html. Privacy policy: illumina.com/company/legal/privacy.html
Follow the steps below to configure the IDP (Okta) and SP (Illumina) for SSO on an Illumina Enterprise domain.
Note: Illumina supports SP-initiated login only; users must sign in via an illumina.com URL (eg, https://.login.illumina.com or https://.basespace.illumina.com).
From the Okta admin console, select the Applications tab and Create App Integration.
Select SAML 2.0 then select Next.
Provide a name for the application and select Next. Here the application name is "PlatformAuth."
Enter https://login.illumina.com/saml-service/saml/SSO in the Single sign-on URL field and https://login.illumina.com/saml-service/saml/metadata in the Audience URI (SP Entity ID) field.
Leave Name ID Format set to “Unspecified” and set Application username to “Email”.
Under Attribute Statements enter attributes for the email address, first name, and last name. The value provided under the Name column is what will be entered in the Illumina IAM Console (Step 10). Make sure the Name format is set to “URI Reference.”
After saving the settings, select the link for Identify Provider metadata to download the Okta metadata XML file, which will be uploaded to the Illumina IAM Console.
From the Directory > Profile Editor tab in Okta, select the application (here is “PlatformAuth”), then select the + Add attribute button. Create 3 attributes, one each for Email, First name, and Last name.
Select the Mappings button when all three attributes have been created and select the Okta User to tab. Make sure that user.firstName, user.lastName, and user.email map to the appropriate attribute created in Step 8 and select Save Mappings.
From the Illumina IAM Console, upload the Okta metadata XML file under the Select SAML configuration file and enter the Entity ID value in the IDP URL field. This value can be found in the metadata XML file downloaded in Step 7.
Enter the exact values used in the Name field for the Attribute Statements in Step 6 into the appropriate fields on the Authentication Configuration page and select Save.
Once settings have been saved on both the IDP and SP ends, it will take some time for everything to sync on the Illumina side. Wait at least 15 min, and be aware that settings can sometimes take over an hour to sync.
For any feedback or questions regarding this article (Illumina Knowledge Article #6210), contact Illumina Technical Support techsupport@illumina.com. |