Linuxlink SSO
Companies that use the identity management system Okta can leverage its SSO functionality and have their team members log in to Linuxlink using their Okta identity. Users who have SSO credentials will not be able to log in to Linuxlink with their local credentials, but users without Okta can still access the site as they did previously.
Timesys plans on adding other IAM systems such as Azure AD to increase our ability to service our customers.
Configure Okta for Linuxlink SSO
Okta Application Setup
- Okta Dashboard
- Click "Applications" on the left-side menu and select "Applications" in the sub menu.
- Click the "Create App Integration" button
- General Settings
- Select SAML 2.0 for the sign in method and click Next
- You can name your Okta application anything you wish in the "App Field" input, and click Next
- Configure SAML
- Set your Single sign-on URL and Audience URI to be the following:
  - Single Sign-on URL: https://linuxlink.timesys.com/saml/acs
  - Audience URI (SP Entity ID): timesys-4151fe1f4bdf030da9e5a151
- Set the Name ID format to be Email Address
- Add the following Claims to the Attribute Statement Settings, and click Next
- Feedback
- Finally, select the checkbox "This is an internal app that we have created"
Assigning Users
- After you finish creating the application, navigate to the "Assignments" tab
- Click the "Assign" button and select "Assign to People"
- From here you can assign anyone who is in your Okta directory to the Linuxlink SSO Application.
- You can create additional users by going to Directory >> People and clicking the "Add person" button, but these people must be registered in Linuxlink first to log in via Okta
Important Notes
- You should copy your Metadata URL found in your application under the Sign On tab and in the SAML 2.0 section. This will be used to link Linuxlink users with the Okta application.
Managing SSO Accounts
Managers can create, delete, enable and disable SSO accounts for all members of the teams they manage using the SSO Manager. To access it, navigate to your Profile page and click the "Manage SSO Accounts" button located in the row of the relevant team. The button opens the SSO Manager with the table filtered by the team you selected, but the SSO Manager also lets you choose between all teams for which you have Manager permissions and alter the SSO accounts of their users.
UI Walkthrough
Metadata Form [1]
At the top of the SSO Manager page is the Metadata URL form. The first input is where you enter your IAM system's metadata URL. This input is checked upon submission to see whether the metadata URL you entered is valid, and it is only required when a user wishes to add SSO accounts to a member of a team. The second input lets you filter the SSO Accounts table by the Linuxlink teams that you are a manager of.
SSO Accounts Table [2]
Here a user can view the current SSO accounts assigned to members of their team. The table can be sorted by email, organization, the team that the SSO account is assigned to, and the list of teams that the user is a member of.
Adding SSO Accounts
To add an SSO account to one or more users, select the team you wish to associate the SSO accounts with, and select the requested users. Then click the "Add SSO accounts to Users" button. If a selected user already has an SSO account with that team and metadata URL, an error message is returned, but this does not prevent the creation of SSO accounts for the other users. Selecting the checkbox in the header selects all of the users of that team.
Deleting SSO accounts
To delete SSO accounts, select the users whose SSO accounts you wish to delete and click the button for your preferred action. If a user does not have an SSO account, an error message will be displayed, but this will not prevent the action from being applied to valid users.