Authenticating SAML

If you have Okta configured to use AD as the source directory whereby Centrify Privileged Access Service can see the same directory through the connector, choose from the following:

  • Set up groups in Okta, add AD groups as members, and set up group mapping in the SAML partnership.
  • Do not create groups in Okta; instead, configure Centrify PAS to look up the user in AD/LDAP and use the directory groups for permissions/rights within Centrify PAS. The lookup can be handled in one of the following ways:
    • Force the lookup. If the user is not found in the directory, reject the login.
    • Try the lookup and use the groups if present, but do not reject the login if the user is not found.
  • Add groups from Okta into roles to grant permissions/rights within Centrify PAS.
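The three strategies above differ only in where the group membership comes from and in what happens when the directory lookup fails. The following added example (not Centrify's or Okta's code) makes that decision logic concrete: it parses a minimal SAML assertion, then resolves the user's effective PAS roles under an Okta-group strategy, a forced AD lookup that rejects unknown users, and a best-effort AD lookup that never rejects. The assertion, the directory contents, the `groups` attribute name and the group-to-role mapping are all constructed sample data.

```python
"""Resolve a federated user's effective roles under the three group strategies.

Added example; the SAML assertion, AD directory and role mappings below are
constructed sample data, and the 'groups' attribute name is an assumption.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AD/LDAP directory: account name -> AD group names
AD_DIRECTORY = {
    "jdoe": ["PAS-Admins", "Server-Operators"],
    "asmith": ["Server-Operators"],
}

# Constructed mapping of group names (Okta or AD) to PAS roles
GROUP_TO_ROLE = {
    "PAS-Admins": "System Administrator",
    "Server-Operators": "Privileged Access User",
}


def make_assertion(name_id, groups):
    """Build a minimal constructed SAML assertion carrying a 'groups' attribute."""
    values = "".join(
        f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="groups">{values}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion>"
    )


def parse_assertion(xml_text):
    """Return (name_id, [group names]) from the assertion's subject and attributes."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    path = "saml:AttributeStatement/saml:Attribute[@Name='groups']/saml:AttributeValue"
    groups = [v.text for v in root.findall(path, NS)]
    return name_id, groups


def resolve_roles(assertion_xml, strategy, directory=AD_DIRECTORY):
    """Return (login_allowed, set_of_roles) for one of three strategies.

    'okta-groups': trust the groups the IdP placed in the assertion.
    'ad-strict':   force an AD lookup; unknown users are rejected.
    'ad-lenient':  try the AD lookup; unknown users log in with no roles.
    """
    user, saml_groups = parse_assertion(assertion_xml)
    if strategy == "okta-groups":
        groups = saml_groups
    elif strategy in ("ad-strict", "ad-lenient"):
        ad_groups = directory.get(user)
        if ad_groups is None:
            if strategy == "ad-strict":
                return False, set()
            groups = []  # lenient: login proceeds, but no directory groups apply
        else:
            groups = ad_groups  # directory groups replace whatever the IdP sent
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    roles = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    return True, roles


if __name__ == "__main__":
    jdoe = make_assertion("jdoe", ["PAS-Admins"])
    ghost = make_assertion("ghost", ["PAS-Admins"])
    for strategy in ("okta-groups", "ad-strict", "ad-lenient"):
        print(strategy, resolve_roles(jdoe, strategy), resolve_roles(ghost, strategy))
```

Note the difference in the `ghost` case: under `okta-groups` a group claimed only in the assertion is honoured, under `ad-strict` the login is refused outright, and under `ad-lenient` the user gets in but holds no roles. Which of these is acceptable is exactly the choice the bullets above ask you to make.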

Note:   To customize the login session timeout value for user accounts federated from Okta to Centrify PAS, contact Centrify PAS Support. This value is the duration of the user's login session; typical values are 4 hours, 8 hours, and so on.