Configuring SSO through Okta - Data360_Govern - Preview

Data360 Govern Help

Product type: Software
Portfolio: Verify
Product family: Data360
Product: Precisely Data Integrity Suite > Govern, Data360 Govern
Version: Preview
Language: English
Copyright: 2024
First publish date: 2014

To configure SSO through Okta, you must provide Precisely support with the following information:

Required information | Description
IdP SSO endpoint | A publicly accessible login URL.
IdP SLO endpoint | A publicly accessible logoff URL, if different from above.
Expected hash algorithm | For example SHA1, SHA256 or SHA512.
Sign SAML assertion | Y/N
Sign SAML message | Y/N
Encrypt SAML message | Y/N
Public certificate | If the SAML message is to be encrypted, please also provide a .CER file to encrypt the message with.
Expected claims

Expected claim | Active Directory property
Username, for example: username, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Email addresses
First name, for example: first, firstname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Given name
Last name, for example: last, lastname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Surname
Group: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups | Group name

Additional optional claims

You may wish to assign additional claims, such as phoneNumber, mobilePhone, jobTitle, or department. If so, please specify the claim names as well.

If you want to synchronize these optional claims with users, you will need to create fields for a user under Administration :: Security :: Users, where each field's API Name matches the custom claim's property name.
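
A pre-flight check for the settings listed above, as an added example that is not part of the Precisely documentation: it inspects a test SAML response for the expected claim names, and reports which parts are signed and with which hash. The function name, the constructed sample response, and reading the hash from the SignatureMethod URI are assumptions of this example; it checks structure only and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute names accepted for each expected claim (from the table on this page).
EXPECTED = {
    "username": {"username", WS + "name"},
    "first name": {"first", "firstname", WS + "givenname"},
    "last name": {"last", "lastname", WS + "surname"},
    "group": {"http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"},
}

def check_response(xml_text, expected_hash="SHA256"):
    """Return a list of mismatches; structure only, no signature verification."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found (encrypted or missing)"]
    findings = []
    names = {attr.get("Name") for attr in assertion.iterfind(".//a:Attribute", NS)}
    for claim, accepted in EXPECTED.items():
        if not names & accepted:
            findings.append(f"missing claim: {claim}")
    # ds:Signature as a direct child of Response means the message is signed;
    # as a direct child of Assertion it means the assertion is signed.
    for label, node in (("message", root), ("assertion", assertion)):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            findings.append(f"{label} not signed")
        elif not method.get("Algorithm", "").lower().endswith(expected_hash.lower()):
            findings.append(f"{label} signed with {method.get('Algorithm')}")
    return findings

# Constructed sample: SHA-1 signed assertion, unsigned message, no group claim.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
 <a:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <a:AttributeStatement>
   <a:Attribute Name="{WS}name"/><a:Attribute Name="firstname"/>
   <a:Attribute Name="{WS}surname"/>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    for finding in check_response(SAMPLE):
        print(finding)
```

Compare the findings against the Y/N answers and hash algorithm given to Precisely support; a "not signed" finding is only a mismatch if the corresponding signing option was answered Y.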

If using Azure Active Directory, you must create an enterprise application, as follows:

  1. Sign in to the Microsoft Azure portal, click the portal menu icon at the top left, then select Azure Active Directory.

  2. In the right pane, click Enterprise application in the Create area.

  3. Click Non-Gallery application.

  4. In the Name field, type Precisely Data3Sixty Govern, or your preferred name for the application, and click Add.

  5. Click Single sign-on in the left menu, then click SAML.

  6. In the Basic SAML Configuration, click the pencil to edit.

    1. You must add an Identifier (Entity ID) value:

      https://www.okta.com/saml2/service-provider/xxxx (to be provided by Precisely support).

      Then select this value as the default and remove all other Identifiers.

    2. The Reply URL (Assertion Consumer Service URL) is also provided by Precisely Support.
  7. In the SAML Signing Certificate area, select Download for Certificate (Base64), and download the certificate to your computer.

    Note: You'll need the certificate when you make Azure Active Directory an identity provider in Okta.
  8. In the Set up Precisely Data3Sixty Govern area (step 4), record the values in these fields:

    • Login URL.
    • Azure AD Identifier.
    • Logout URL.
    Note: You will need these values when interacting with Precisely Support.