Merge pull request #2195 from hpe-dev-incubator/cms/blog/configuring-sso-for-hpe-greenlake-central-private-cloud-enterprise-and-hpe-greenlake-glcp-using-okta

Update Blog “configuring-sso-for-hpe-greenlake-central-private-cloud-enterprise-and-hpe-greenlake-glcp-using-okta”

Author: choukden

content/blog/configuring-sso-for-hpe-greenlake-central-private-cloud-enterprise-and-hpe-greenlake-glcp-using-okta.md

@@ -9,14 +9,22 @@ authorimage: /img/Avatar1.svg
 thumbnailimage: /img/hpe-greenlake-sso-page.jpg
 disable: false
 tags:
-  - HPE GreenLake Private Cloud Enterprise application
-  - HPE GreenLake edge-to-cloud platform
+  - hpe-greenlake-platform
   - sso
   - okta
   - Active Directory
   - hpe-greenlake
 ---
-Enterprises looking to use HPE GreenLake for Private Cloud Enterprise can benefit from the use of SSO, as it has been integrated onto the HPE GreenLake edge-to-cloud platform, which supports single sign-on.
+<style>
+li {
+   font-size: 27px;
+   line-height: 33px;
+   max-width: none;
+}
+</style>
+
+
+Enterprises looking to use HPE GreenLake for Private Cloud Enterprise can benefit from the use of SSO, as it has been integrated onto the HPE GreenLake edge-to-cloud platform (also known as HPE GreenLake platform), which supports single sign-on.
 
 In this blog post, I will walk you through the process of configuring Okta Active Directory (AD) to authenticate users into the HPE GreenLake for Private Cloud Enterprise application on the HPE GreenLake platform using SAML Identity Provider (IdP) for single sign-on.
 
@@ -31,7 +39,7 @@ Please review the [HPE GreenLake](https://support.hpe.com/hpesc/public/docDispl
 * Step 1: Create an Okta SAML application
 * Step 2: Configure Sign On settings
 * Step 3: Export the SAML 2.0 IdP metadata
-* Step 4: Configure the SAML connection in the HPE GreenLake edge-to-cloud platform
+* Step 4: Configure the SAML connection in the HPE GreenLake platform
 
 **Step 1: Create an Okta SAML application**
 
@@ -41,7 +49,7 @@ Please review the [HPE GreenLake](https://support.hpe.com/hpesc/public/docDispl
 
 ![](/img/ws-image0.png)
 
-Provide a name for the SAML application which gets connected to the HPE GreenLake edge-to-cloud platform
+Provide a name for the SAML application which gets connected to the HPE GreenLake platform:
 
 ![](/img/saml_app-okta.jpg)
 
@@ -61,17 +69,17 @@ Provide a name for the SAML application which gets connected to the HPE GreenLak
 
     **NameID = user.email**
 
-    **gl_first_name = user.FirstName**
+    **gl\_first\_name = user.FirstName**
 
-    **gl_last_name = user.LastName**
+    **gl\_last\_name = user.LastName**
 
-    **hpe_ccs_attribute = (See Below)**
+    **hpe\_ccs\_attribute = (See Below)**
 
    See here for IdP attribute details: [](https://support.hpe.com/hpesc/public/docDisplay?docId=a00120892en_us)<https://support.hpe.com/hpesc/public/docDisplay?docId=a00120892en_us&page=GUID-D7192971-EF71-4304-B51E-548E7954E644.html>
 
-   A new SAML attribute has been added “hpe_ccs_attribute” which tells HPE GreenLake edge-to-cloud platform and HPE GreenLake for Private Cloud Enterprise application the exact role/permissions for each user. The following describes how to format the attribute.
+   A new SAML attribute has been added “hpe\_ccs\_attribute” which tells HPE GreenLake platform and HPE GreenLake for Private Cloud Enterprise application the exact role/permissions for each user. The following describes how to format the attribute.
 
-   Format: {version}#{pcid}:{app id}:{role_name}:{ALL_SCOPES}
+   `Format: {version}#{pcid}:{app id}:{role_name}:{ALL_SCOPES}`
 
    Note :  At present HPE GreenLake for Private Cloud Enterprise application role should be excluded.
 
@@ -81,62 +89,69 @@ Provide a name for the SAML application which gets connected to the HPE GreenLak
 
 ![](/img/glp_role_name.jpg)
 
-The **hpe_ccs_attribute** always starts with version1#. You must first configure the attributes for HPE GreenLake edge-to-cloud platform and To do so, enter the PCID for the account, followed by the HPE GreenLake application ID. This will always be **00000000-0000-0000-0000-000000000000**. Following this, enter the role name and ALL_SCOPES**.** 
+The **hpe\_ccs\_attribute** always starts with version1#. You must first configure the attributes for HPE GreenLake platform and to do so, enter the Platform Customer ID (PCID) for the account (this is the identifier assigned to your HPE GreenLake platform Workspace), followed by the HPE GreenLake platform application ID. This will always be **00000000-0000-0000-0000-000000000000**. Following this, enter the role name and ALL\_SCOPES**.** 
 
 Example:
 
-version_1#7ede5c36b7b911edacf45a78eb8b07d1:00000000-0000-0000-0000-000000000000:Observer:ALL_SCOPES
+`version_1#7ede5c36b7b911edacf45a78eb8b07d1:00000000-0000-0000-0000-000000000000:Observer:ALL_SCOPES`
 
 ![](/img/saml_settings.jpg)
 
 2. Complete the setup.
 
 ![](/img/ws-image7.png)
 
-Click Next and Select “Internal App”, then Finish.
+Click **Next** and select **Internal App**, then **Finish**.
 
 **Step 3:** **Export the SAML 2.0 IdP metadata**
 
 1. Click Next – Configure the single sign-on settings
 
-   You will find two options are available: **View Setup Instructions** which steps you through the SAML configuration and **Identity Provider metadata**, which will produce an XML file that can be loaded into HPE GreenLake edge-to-cloud platform application
+   You will find two options are available: **View Setup Instructions** which steps you through the SAML configuration and **Identity Provider metadata**, which will produce an XML file that can be loaded into HPE GreenLake platform application.
 
-   Suggestion: Click **Identity Provider metadata** and save the XML data to a file.
+   Suggestion: click **Identity Provider metadata** and save the XML data to a file.
 
    ![](/img/ws-image9.png)
-2. Click **Next**.       
+
+2. Click **Next**.   
+    
 3. Select **Internal app**, and click **Finish**.    
 
-   ##### **Step 3.1 :  Access to the SAML application and HPE GreenLake edge-to-cloud platform is determined by assigning only those members or group to the SAML application.**
+   ##### **Step 3.1 :  Access to the SAML application and HPE GreenLake platform is determined by assigning only those members or group to the SAML application.**
 
 ![](/img/customer-user-assignment-to-saml.jpg)
 
 
 
-**Step 4:** **Configure the SAML connection in the HPE GreenLake edge-to-cloud platform**
+**Step 4:** **Configure the SAML connection in the HPE GreenLake platform**
 
-1. Log into HPE GreenLake edge-to-cloud platform and click Menu > Manage > Authentication and Click Set Up SAML Connection.
+1. Log into HPE GreenLake platform and click **Menu** > **Manage** > **Authentication** and click **Set Up SAML Connection**.
 
-   *Before you can add a new SAML configuration, you must have at least **one** user account with that **domain** already enabled in HPE GreenLake edge-to-cloud platform. Also, you must be logged into HPE GreenLake edge-to-cloud platform with an account from that domain in order to enable SSO for it.*
+   _Before you can add a new SAML configuration, you must have at least **one** user account with that **domain** already enabled in HPE GreenLake platform. Also, you must be logged into HPE GreenLake platform with an account from that domain in order to enable SSO for it._
 
    ![](/img/ws-image10.png)
+
 2. Type in the domain you want to enable SSO on:
 
    ![](/img/glp_domain.jpg)
+
 3. Input the metadata from the step above.
 
-   While HPE GreenLake edge-to-cloud platform does support entering this information manually, it's recommended that you simply upload the XML metadata that was downloaded in the previous step. To do so, Select Metadata File, selecting the XML file. Then, click Next.
+   While HPE GreenLake platform does support entering this information manually, it's recommended that you simply upload the XML metadata that was downloaded in the previous step. To do so, select **Metadata File**, selecting the XML file. Then, click **Next**.
 
    ![](/img/ws-image12.png)
+
 4. Enter the SAML attributes to match what was entered in Okta. Set the idle timeout value as well.
 
    ![](/img/config_setting_sso_appjpg.jpg)
-5. Then click **Next**.    
-6. Create a recovery user so that, in the event SSO fails, an admin will still be able to access the HPE GreenLake edge-to-cloud platform.    
+
+5. Then click **Next**.
+    
+6. Create a recovery user so that, in the event SSO fails, an admin will still be able to access the HPE GreenLake platform.    
 
    ![](/img/recovery_user.jpg)
 
-   Congratulations! SSO will now be enabled for HPE GreenLake edge-to-cloud platform as well as the HPE GreenLake for Private Cloud Enterprise application. Log out and on the HPE GreenLake edge-to-cloud platform home page, click **Sign in with SSO**.
+   Congratulations! SSO will now be enabled for HPE GreenLake platform as well as the HPE GreenLake for Private Cloud Enterprise application. Log out and on the HPE GreenLake platform home page, click **Sign in with SSO**.
 
 **Testing and troubleshooting:**
 
@@ -146,7 +161,7 @@ On the HPE GreenLake edge-to-cloud platform home page, click **Sign In with SSO*
 
 ![](/img/hpe-greenlake-sso-page.jpg)
 
-Enter the SSO credentials. You will be redirected to Okta to authenticate. Once you successfully authenticate, you will be redirected back to HPE GreenLake edge-to-cloud platform. You can then click on the HPE GreenLake for Private Cloud Enterprise application and be given access based on the configured role/permissions.
+Enter the SSO credentials. You will be redirected to Okta to authenticate. Once you successfully authenticate, you will be redirected back to HPE GreenLake platform. You can then click on the HPE GreenLake for Private Cloud Enterprise application and be given access based on the configured role/permissions.
 
 **Additional notes:**
 
@@ -157,4 +172,4 @@ Enter the SSO credentials. You will be redirected to Okta to authenticate. Once
 * Customer users should be given access to SAML application.
 * After authentication when clicking the HPE GreenLake for Private Cloud Enterprise application**,** if it leads to the below error, it will take 1 hr to sync. If it does not do so within that time period, the customer should contact their HPE administrator. 
 
-I hope this blog post answers any questions you may have had in regards to how to configure single sign-on for HPE GreenLake for Private Cloud Enterprise on the HPE GreenLake edge-to-cloud platform using Okta Active Directory. Please return back to the [HPE Developer blog](https://developer.hpe.com/blog) for more tips and tricks on working with the HPE GreenLake edge-to-cloud platform.
+I hope this blog post answers any questions you may have had in regards to how to configure single sign-on for HPE GreenLake for Private Cloud Enterprise on the HPE GreenLake platform using Okta Active Directory. Please return back to the [HPE Developer Community blog](https://developer.hpe.com/blog) for more tips and tricks on working with the HPE GreenLake platform.