Securing a Portal Experience with Okta

In this topic you will learn how to secure Portal Experiences using Okta SSO.

When an experience is secured using SSO, users will be required to authenticate before they can access the experience.

The steps in this topic assume you have signed up for an Okta trial account and can sign in to your account.

Creating an application

Start by creating an application.

  1. Log in to your Okta trial account.
  2. Click Admin at the top of the page.
  3. Enter your account password and click Verify.
  4. You will be required to set up a security method. Click Set up next to the method you want to use.
  5. When you have successfully logged in, confirm that the Dashboard Getting Started page appears.
  6. Click Applications > Applications in the left navigation.
  7. On the Applications page, click Create App Integration.
  8. Select a Sign-in method of SAML 2.0.
  9. Click Next.
  10. Enter an App name.
  11. (Optional) Browse and select an App logo.
  12. Click Next.
  13. Set the Single sign on URL to https://auth.bcvp0rtal.com/login/callback.
  14. For the Audience URI (SP Entity ID) enter the Okta URL for your Okta homepage. This will be listed on the new account email you received from Okta when your trial account was created.
  15. Click the < > Preview the SAML Assertion button. Valid XML should be displayed in a new browser tab. If there are any errors, a message will be displayed.
  16. Close the browser tab displaying the XML and return to the Okta page.
  17. Click Next.
  18. Select an option for Are you a customer or partner? and then click Finish.
  19. Confirm that the application was created and the Settings page appears.
  20. Locate where it says SAML 2.0 is not configured until you complete the setup instructions. Click View Setup Instructions.

The How to Configure SAML 2.0 instructions will open in a new browser tab. This information will be needed when creating an Access Control Profile in Brightcove Gallery.
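
The following is an added example, not part of the original Brightcove or Okta instructions: a check that the XML shown by the preview in step 15 carries the Single sign on URL from step 13 and the Audience URI from step 14. It assumes the preview's root element is a SAML 2.0 Assertion; the sample XML, the audience value and the name check_preview are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_ACS = "https://auth.bcvp0rtal.com/login/callback"  # Single sign on URL from step 13
EXPECTED_AUDIENCE = "https://trial-org.example"  # constructed placeholder for the step 14 value

# Constructed sample shaped like a SAML 2.0 assertion; not real Okta output.
SAMPLE_PREVIEW = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="id-constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml2:Issuer>https://idp.example/constructed</saml2:Issuer>
  <saml2:Subject>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData Recipient="https://auth.bcvp0rtal.com/login/callback"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions>
    <saml2:AudienceRestriction>
      <saml2:Audience>https://trial-org.example</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""


def check_preview(xml_text, expected_acs, expected_audience):
    """Return a list of mismatches in a previewed assertion (empty list means OK)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "{%s}Assertion" % NS["saml2"]:
        return [f"unexpected root element: {root.tag}"]
    problems = []
    # Recipient must equal the Single sign on URL exactly (no trailing slash, same scheme).
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml2:SubjectConfirmationData", NS)]
    if not recipients:
        problems.append("no SubjectConfirmationData Recipient found")
    problems += [f"Recipient {r!r} differs from the Single sign on URL"
                 for r in recipients if r != expected_acs]
    # The configured Audience URI must appear in an AudienceRestriction.
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml2:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"Audience URI {expected_audience!r} not found in {audiences!r}")
    return problems


if __name__ == "__main__":
    result = check_preview(SAMPLE_PREVIEW, EXPECTED_ACS, EXPECTED_AUDIENCE)
    print(result or "preview matches the configured values")
```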

Creating an Access Control Profile

Create an Access Control Profile that will be used to secure the experiences you want to protect with SSO.

  1. Log in to your Brightcove Gallery account.
  2. Click the settings icon on the home page.
  3. In the left navigation, click Access Control Profiles.
  4. Click Create Profile.
  5. Give the profile a Name.
  6. Select the SSO option.
  7. Return to the How to Configure SAML 2.0 instructions. Copy the Identity Provider Single Sign-On URL and paste it into the SAML 2.0 Endpoint (HTTP) field.
  8. Return to the How to Configure SAML 2.0 instructions. Copy the entire value in the X.509 Certificate field and paste it into the X.509 Certificate field of the profile. Make sure you include the BEGIN/END CERTIFICATE lines.
  9. If you will be passing any SSO parameters back to Gallery, check the Expose all attributes option.
  10. Click Save and confirm that the profile was created.

Assigning group permissions

The final step in Okta is to give all users in Okta access to the application that was created.

  1. Return to the Okta Dashboard.
  2. For the Okta application you created, click the Assignments tab.
  3. Click Assign > Assign to Groups.
  4. Click Assign next to the Everyone group and then click Done.

Assign the Access Control Profile to an experience

The last step is to assign the Access Control Profile that was created to the experience(s) you want to secure.

  1. Return to Brightcove Gallery.
  2. Edit the experience you want to secure.
  3. In the left navigation, click Site Configuration > Access Control.
  4. Select the Access Control Profile that is associated with the Okta SSO configuration.
  5. Click Save.
  6. Publish the experience.

When you access the experience, you should be prompted by Okta to log in.