Updated: March 31, 2023
This document describes how to integrate OKTA Single Sign-On (SSO) on a Software-Defined Wide Area Network (SD-WAN).
Cisco recommends that you have knowledge of these topics:
SD-WAN general overview
Security Assertion Markup Language (SAML)
Identity Provider (IdP)
The information in this document is based on these software and hardware versions:
Cisco vManage Release 18.3.X or later
Cisco vManage Version 20.6.3
Cisco vBond Version 20.6.3
Cisco vSmart Version 20.6.3
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions).
An Identity Provider (IdP) is a trusted provider that lets you use single sign-on (SSO) in order to access other websites. SSO reduces password fatigue and enhances usability. It decreases the potential attack surface and provides better security.
1. In Cisco vManage, navigate to Administration > Settings > Identity Provider Settings > Edit.
2. Click Enabled.
3. Click to download the SAML metadata and save the content in a file. This is needed on the OKTA side.
Tip: You need this information from the metadata to configure OKTA with Cisco vManage.
a. Entity ID
b. Sign certificate
c. Encryption certificate
d. Log out URL
e. Log in URL
Note: Certificates must be in X.509 format. Save them with the .CRT extension.
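The five values in the tip can be read out of the downloaded metadata file with a short script instead of by hand. This is an added example, not Cisco or OKTA code. It assumes the file is standard SAML 2.0 service-provider metadata, and the sample document, host name, URLs and certificate bodies in it are constructed placeholders.

```python
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample, not real vManage output: placeholder host, URLs, dummy cert bodies.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="vmanage.example.test"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>RFVNTVktU0lHTklORy1DRVJU</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>RFVNTVktRU5DUllQVC1DRVJU</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://vmanage.example.test/slo"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  <md:AssertionConsumerService index="0" Location="https://vmanage.example.test/acs"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def to_pem(b64_body):
    """Wrap a bare base64 certificate body in PEM armor, 64 chars per line."""
    lines = textwrap.wrap("".join(b64_body.split()), 64)
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

def extract_sp_fields(metadata_xml):
    """Return the five values listed in the tip, or raise if any is absent."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service-provider metadata")
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text and cert.text.strip():
            # In SAML metadata, a KeyDescriptor with no 'use' serves both purposes.
            for use in ([kd.get("use")] if kd.get("use") else ["signing", "encryption"]):
                certs.setdefault(use, to_pem(cert.text))
    fields = {"entity_id": root.get("entityID"), "signing_cert": certs.get("signing"),
              "encryption_cert": certs.get("encryption")}
    for key, tag in (("logout_url", "SingleLogoutService"), ("login_url", "AssertionConsumerService")):
        el = sp.find(f"md:{tag}", NS)
        fields[key] = el.get("Location") if el is not None else None
    if missing := [k for k, v in fields.items() if not v]:
        raise ValueError("metadata is missing: " + ", ".join(missing))
    return fields
```

Write `signing_cert` and `encryption_cert` to separate files with the .CRT extension. The script raises an error rather than returning a partial result, so a metadata file without an encryption certificate is caught before the OKTA side is configured.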