Step 7 — Modify Okta SAML Application Metadata with ExtremeCloud IQ Settings

For this step, we recommend having ExtremeCloud‌ IQ and Okta open in separate tabs, as you will select data from your new IdP profile in ExtremeCloud‌ IQ and copy it over to your SAML application in Okta.

  1. In Okta:
    1. Browse to your Admin Portal, navigate to Applications > Applications, and then select your SAML application.
    2. From the General tab, scroll down to SAML Settings, and then select Edit.
    3. Select Next, and then select the Configure SAML tab.
  2. In ExtremeCloud IQ:
    1. Navigate to General Settings > Enable Single Sign-on, in the row for your IdP profile completed in Step 6, select 3 dot menu, and then select Edit.
    2. Select the ExtremeCloud (SP) Connection tab.
    3. Select Download Certificate, and save the file to your computer.
    4. Copy the SP Entity ID value from ExtremeCloud IQ and copy it to the Audience URI (SP Entity ID) field in Okta.
    5. Copy the ACS URL value from ExtremeCloud IQ and copy it to the Single Sign-On URL field in Okta.
    Click to expand in new window
    Okta - Replace Temporary Data for Single Sign-On URL and Audience URI
    Okta - Replace Temporary Data for Single Sign-On URL and Audience URI
  3. In Okta:
    1. Under SAML Settings > General, select Show Advanced Settings.
    2. For Signature Certificate, select Browse files.
    3. Select All Files, navigate to find the certificate file you downloaded in the previous step, select the certificate, and then select Open to upload the ExtremeCloud‌ IQ certificate.
    4. Select Enable Single Logout.
    5. Copy the SLO URL value from ExtremeCloud IQ and copy it to the Single Logout URL field in Okta.
    6. Copy the SP Entity ID value from ExtremeCloud IQ and copy it to the SP Issuer field in Okta.
      Click to expand in new window
      Okta - Single Logout Setting Definition
      Okta - Single Logout Setting Definition
    7. Select Next, and then select Finish. Click to view your SAML application again.
    8. Select the Sign On tab, and in the SAML 2.0 section, select More Details.
    9. Next to the Single Logout URL field, select Copy.
      Use this URL to replace the placeholder text we submitted earlier.
  4. In ExtremeCloud IQ:
    1. Return to the IdP Connection tab of your IdP profile and paste that value into the SLO URL and SLO Response URL fields, replacing your placeholder values.
    2. Select Save.
    The integration is now complete.
9038990-00 Rev AB