Palo Alto Networks Knowledgebase: How to Configure Okta SAML Single Sign-On (SSO) Authentication with Aperture


Created On 07/17/19 21:12 PM - Last Updated 07/17/19 22:30 PM

Enabling SSO on Aperture requires information from your IDP. The following sections describe how to add Aperture as an application on your IDP and then use the information from your IDP to configure SSO on Aperture. Okta is used as the IDP in this example.


Configuring IDP

Click here to get the detailed steps to set up your Identity Provider configuration.


1. When you reach the Configure SAML section, use the following information:


SAML Settings

Where <abc> is your tenant name.



2. Continue to run the configuration wizard until you reach the Settings section:




3. From here, click View Setup Instructions, then make a note of the following:


  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate (download it)
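
A pre-flight check for the three values noted in step 3, run before they are entered on Aperture. This is an added example, not part of the original article or any Palo Alto Networks or Okta tooling; the function names, the example.com values and the throwaway self-signed certificate standing in for the Okta download are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# check_idp_values <sso_url> <issuer> <cert_file>
# Returns 0 when every check passes; prints one line per finding.
check_idp_values() {
    sso_url=$1; issuer=$2; cert=$3; rc=0

    # The SSO URL receives the login redirect, so it should be HTTPS.
    case $sso_url in
        https://*) ;;
        *) echo "FAIL: SSO URL is not https: $sso_url"; rc=1 ;;
    esac

    # Catch an empty issuer or one that picked up a space when copied.
    case $issuer in
        ''|*' '*) echo "FAIL: issuer is empty or contains a space"; rc=1 ;;
    esac

    # The downloaded file must parse as a PEM X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a PEM X.509 certificate"; return 1
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; rc=1
    elif ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "WARN: certificate expires within 30 days"
    fi

    # Subject, expiry and SHA-256 fingerprint, for comparison with the IdP side.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
    return $rc
}

# Constructed stand-in for the downloaded certificate: throwaway, self-signed.
make_sample_cert() {   # make_sample_cert <out_file> <days_valid>
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=idp.example.com" -days "$2" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Demo with constructed values (example.com names are placeholders).
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/okta.cert" 365
check_idp_values "https://idp.example.com/app/sso/saml" \
    "http://idp.example.com/exk-constructed" "$demo_dir/okta.cert"
rm -rf "$demo_dir"
```

With the real values, pass the Identity Provider Single Sign-On URL, the Identity Provider Issuer and the path of the downloaded certificate file as the three arguments.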


Configuring Aperture

Only the Super Admin can configure SSO on Aperture. Perform the following steps on Aperture:


1. Enable SSO by going to Settings > Single Sign On and entering the IDP provider ID, certificate, and Identity Provider SSO URL.




Some IDPs do not check for certificate validation. In that case, uncheck Require valid certificate for login.

Enter the information you gathered in the previous section, Configuring IDP.


2. Add a new user for SSO by going to Settings > Admin Accounts, then click Save.




