Overview
In this multi-part exercise, you will set up IdP integration with Okta in order to test RBAC through IdP group association, local groups, and the union of the two.
What Will You Do
Part | What will you do? |
---|---|
1 | In this part, you will set up the IdP integration, user, and group |
2 | In this part, you will test the IdP with RBAC |
The sequence diagram below describes the two scenarios you will experience in the exercise.
```mermaid
sequenceDiagram
    participant rafay as Rafay
    participant idp as Okta
    rect rgb(191, 223, 255)
    note over rafay,idp: Configure IdP
    rafay->>idp: Configure Okta as IdP for Rafay Org
    end
    rect rgb(191, 223, 255)
    note over rafay, idp: Scenario 1: AuthN and AuthZ from IdP
    idp->>rafay: SAML Assertion with Group (Rafay will map to Role)
    rafay->>rafay: Maps IdP Group to Rafay Role
    end
    rect rgb(191, 223, 255)
    note over rafay, idp: Scenario 2: AuthN from IdP + Local AuthZ Override
    idp->>rafay: SAML Assertion with Group
    rafay->>rafay: Maps IdP Group with Local Group Override to Rafay Role
    end
```
Note
You can also optionally watch a video walking you through all the steps described in this exercise.
References
- Learn about how you can integrate your Identity Provider (IdP) with your Org
- Learn how you can integrate Okta with your Org
- Learn about the various Roles
Assumptions
This exercise assumes that you have access to the following:
- An Org with Org Admin privileges
- An Okta account or free developer account