This article guides you to configure SAML-based SSO and RBAC for Arctera Unified Platform Users using Okta SSO App.

To configure SAML-based SSO and RBAC for Arctera Archiving Users using Okta SSO App

1. Enable Role-Based Claims in Arctera Management Console:
   • Access the Arctera Management Console and navigate to Role Management > Authentication Management.
   • Set Role-Based Claims Allowed to Yes.
     

2. Configure Claim Mapping in Okta SSO App.

   • Access Okta Admin Center and navigate to the application created for Arctera Unified Platform SSO.

   • Configure role mapping to send built-in or custom administration role names (without spaces) to the approle string array attribute in the SAML response.
     To achieve this, navigate to Profile Editor → Okta SSO App (Arctera SSO User) and add a string array attribute to the user profile. Refer to the sample screenshots below:
     
     

     
     

3. Define Application Roles in Okta:

   • Map the required role names (defined in Arctera Management Console) to the string array attribute created earlier. Do this by providing the values during user assignment to the app or by editing the user profile for the app to include these values.
     
     Roles defined in Manage
     
     
     Providing the values during user assignment to the app
     
     
     
     
     Or, editing the user profile for the app to add these values
     

4. Update Attribute Mapping in the Okta SSO App:

   • Navigate to Applications > SSO App (Arctera SSO).
     

   • Edit the application configuration to map the user profile attribute to the approle SAML response attribute.
     
     
     

5. Verify the configuration: by ensuring the SAML response after SSO login includes the role names in the approle attribute. Confirm that the account role user in Manage receives the corresponding roles sent in the SAML response.

Account Role user



SSO login for the user

<