Blameless is officially part of the Okta Integration Network. The following instructions describe how to install and configure the Blameless app from the Okta application catalog:
Adding the Blameless App in Okta
- Log in to your Okta Admin dashboard
- Install the Blameless app from Applications/ Applications/ Browse App Catalog
- Search for Blameless and then Add Integration
- After you click Add Integration, Okta will guide you through some steps. The first thing is to update the Base Url field to the url of your Blameless instance.
Configure Single Sign On
If you'd like to configure Single Sign On to Blameless via Okta, you can configure that under the Sign On tab. Go to the Sign On tab and click Edit. If you'd like to configure SCIM Provisioning instead, please jump to the next section below titled "Configure SCIM Provisioning".
-
-
- Update the Customer Name field (if your Base Url was https://customer-a.blameless.io then your customer name is customer-a)
- Now, go ahead and copy the Sign On Url
- Also, go ahead and download the certificate that Okta provides
- Once you've got those values, you're going to want to sign in to Blameless, go to Settings, and then go to the IAM -> Single Sign-On page. Here you will paste the Sign In Url. Then open the certificate file you downloaded earlier in a text editor and copy and paste the contents into the certificate field below. Toggle SAML Enabled to On and hit Save.
NOTE: Make sure you assign yourself to the Blameless Application in Okta otherwise Okta will not allow you to authenticate with Blameless after you complete this last step!
Configure SCIM Provisioning
Once the app is installed, you can easily configure SCIM Provisioning under the Provisioning tab:
- Click Configure API Integration
- Click the checkbox next to Enable API Integration
- You'll be prompted to enter an API Token
- Note: You can get the API Token from the Key Management screen in your blameless instance
- https://<your-instance>.blameless.io/identity-management/key-management
- Once you've entered the API Token, click Test Credentials. Once you've seen the success message, click Save.
- Once you've saved your settings, you will be able to configure some settings related to the provisioning. If you'd like to enable some settings, click Edit and change the settings however you like
- You can now grant access to Blameless via the Assignments tab. Here, you can grant access to specific Okta users or groups. Assigning groups or users here will ONLY PROVISION the users and the users of the groups. It will NOT create the groups and group memberships in Blameless.
- To sync Okta groups to Blameless and the group memberships, you can do that under the Push Groups tab
Comments
0 comments
Article is closed for comments.