Authenticating SAML

If Okta is configured to use AD as its source directory, and Centrify Privileged Access Service can see the same directory through the connector, choose from the following:

  • Set up groups in Okta, add AD groups as members, and set up group mapping in the SAML partnership.
  • Do not create groups in Okta, but configure Centrify PAS to look up the user in AD/LDAP and then use the directory groups for permission/rights within Centrify PAS.
    • Force the lookup; if the user is not found, reject the login.
    • Try the lookup and use the groups if present, but do not reject the login.
  • Add groups from Okta into roles to grant permissions/rights within Centrify PAS.