hpe-dev-incubator
diff --git a/‎content/blog/okta-sso-integration-for-green-lake-and-aruba-central.md
Lines changed: 19 additions & 21 deletions b/‎content/blog/okta-sso-integration-for-green-lake-and-aruba-central.md
Lines changed: 19 additions & 21 deletions
diff --git a/‎static/img/ws-image0.png
121 KB b/‎static/img/ws-image0.png
121 KB
diff --git a/‎static/img/ws-image1.png
111 KB b/‎static/img/ws-image1.png
111 KB
diff --git a/‎static/img/ws-image10.png
76.6 KB b/‎static/img/ws-image10.png
76.6 KB
diff --git a/‎static/img/ws-image11.png
78.9 KB b/‎static/img/ws-image11.png
78.9 KB
diff --git a/‎static/img/ws-image12.png
72.1 KB b/‎static/img/ws-image12.png
72.1 KB
diff --git a/‎static/img/ws-image13.png
160 KB b/‎static/img/ws-image13.png
160 KB
diff --git a/‎static/img/ws-image14.png
167 KB b/‎static/img/ws-image14.png
167 KB
diff --git a/‎static/img/ws-image15.png
36.5 KB b/‎static/img/ws-image15.png
36.5 KB
diff --git a/‎static/img/ws-image16.png
44.7 KB b/‎static/img/ws-image16.png
44.7 KB
@@ -30,11 +30,11 @@ To configure application metadata in Okta, complete the following steps:
 2. Click **Applications > Create App Integration.** The Create a new app integration window opens.
 3. Select SAML 2.0 and click Next.
 
-![](/img/image0.png)
+![](/img/ws-image0.png)
 
 Provide a name for the Aruba GreenLake SSO service (Okta Application)
 
-![](/img/image1.png)
+![](/img/ws-image1.png)
 
 **Step 2: Configure Single Sign On settings**
 
@@ -59,13 +59,13 @@ Provide a name for the Aruba GreenLake SSO service (Okta Application)
 
    One of the additional features added as part of the GreenLake CCS is Role Based Access Controls (RBAC) for Aruba Central and all other apps in CCS. A new SAML attribute has been added “hpe_ccs_attribute” which tells GreenLake and Central the exact role/permissions for each user. The following describes how to format the attribute.
 
-![](/img/image2.png)
+![](/img/ws-image2.png)
 
-![](/img/image3.png)
+![](/img/ws-image3.png)
 
-![](/img/image4.png)
+![](/img/ws-image4.png)
 
-![](/img/image5.png)
+![](/img/ws-image5.png)
 
 The **hpe_ccs_attribute** will always start with **version_1#**. First, we’ll configure the attributes for GreenLake CCS, then Central. First enter the PCID for the account, followed by the GreenLake application ID. This will always be **00000000-0000-0000-0000-000000000000**. Then followed by the role name and **ALL_SCOPES**. Next will be the Aruba Central info. Start with the **app cid**, then the role name (IE Aruba Central Administrator) then **ALL_SCOPES**.
 
@@ -81,13 +81,11 @@ Example:
 
 If you want to add additional GreenLake applications or if you have multiple Aruba Central accounts, you can add them as well. Just follow the same syntax as before. Once you have the attribute defined, enter it into the SAML attribute statement in Okta as shown below.
 
-![](/img/image6.png)
+![](/img/ws-image6.png)
 
 2. Complete the setup.
 
-![](/img/image7.png)
-
-![](/img/image8.png)
+![](/img/ws-image7.png)
 
 Click Next and Select “Internal App” then Finish
 
@@ -99,7 +97,7 @@ Click Next and Select “Internal App” then Finish
 
    Suggestion: Click **Identity Provider metadata** and save the XML data to a file.
 
-   ![](/img/image9.png)
+   ![](/img/ws-image9.png)
 2. Click Next
 3. Select Internal app and Click Finish
 
@@ -109,32 +107,32 @@ Click Next and Select “Internal App” then Finish
 
    *Before you can add a new SAML configuration, you must have at least one user account with that domain already enabled in GreenLake. Also, you must be logged into GreenLake with an account from that domain in order to enable SSO for that domain.*
 
-   ![](/img/image10.png)
+   ![](/img/ws-image10.png)
 2. Type in the domain you want to enable SSO on:
 
-   ![](/img/image11.png)
+   ![](/img/ws-image11.png)
 3. Input the metadata from the above step
 
    While GreenLake does support manually entering this info, it’s recommended to simply upload the XML metadata that was downloaded in the previous step. Select Metadata File and select the XML. Then click Next.
 
-   ![](/img/image12.png)
+   ![](/img/ws-image12.png)
 4. Enter the SAML attributes to match what was entered in Okta and set the idle timeout value as well.
 
-   ![](/img/image13.png)
+   ![](/img/ws-image13.png)
 5. Then click Next.
 6. Create a recovery user in the event SSO fails, an admin will still be able to access GreenLake.
 
-   ![](/img/image14.png)
+   ![](/img/ws-image14.png)
 
    Congratulations SSO will now be enabled for GreenLake as well as the Aruba Central application. Log out and on the GrenLake home page, click Sign in with SSO.
 
 **Testing and Troubleshooting:**
 
 On the GreenLake Cloud Platform home page, Click Sign in with SSO.
 
-![](/img/image15.png)
+![](/img/ws-image15.png)
 
-![](/img/image16.png)
+![](/img/ws-image16.png)
 
 Enter the SSO credentials and you will be redirected to Okta to authenticate. Once you successfully authenticate, you will be redirected back to GreenLake. You can then click on the Aruba Central application and given access based on the configured role/permissions.
 
@@ -152,12 +150,12 @@ Enter the SSO credentials and you will be redirected to Okta to authenticate. On
 * Okta Verify (Okta native MFA app) example:
 * Okta Admin portal > Security > MFA > Factor Type – Okta Verify Enable
 
-![](/img/image17.png)
+![](/img/ws-image17.png)
 
 1. Click Factor Enrollment and create an enrollment policy.
 2. Then select the user groups to apply this policy to.
 3. For MFA enable verify with push.
 
-![](/img/image18.png)
+![](/img/ws-image18.png)
 
-![](/img/image19.jpeg)
+![](/img/ws-image19.jpeg)