Typical settings for an IdP

Before you begin configuring Single Sign-On (SSO) for OVA deployments, make sure the IdP is set up for SSO.

This topic includes typical settings for a public Okta IdP that may be useful when you set up your IdP.

General SAML settings

Setting Value

Single sign-on URL

This is also referred to as the Assertion Consumer Service (ACS).

https://<hostname>/vmturbo/saml2/sso/<samlRegistrationID>

Where:

  • <hostname> is the host for Turbonomic.
  • <samlRegistrationID> is the Registration ID from your SSO provider.
Single logout URL

https://<hostname>/vmturbo/saml2/logout/saml2/slo

Where:

  • <hostname> is the host for Turbonomic.
Recipient URL

https://<hostname>/vmturbo/saml2/sso/<samlRegistrationID>

Where:

  • <hostname> is the host for Turbonomic.
  • <samlRegistrationID> is the Registration ID from your SSO provider.
Destination URL

https://<hostname>/vmturbo/saml2/sso/<samlRegistrationID>

Where:

  • <hostname> is the host for Turbonomic.
  • <samlRegistrationID> is the Registration ID from your SSO provider.
Audience Restriction urn:test:turbo:markharm
Default Relay State
Name ID Format

Unspecified
Application username

The username for the account that is managed by Okta
Response Signed
Assertion Signature Signed
Signature Algorithm RSA_SHA256
Digital Algorithm SHA256

Assertion Encryption

 Unencrypted

SAML Single Logout

 Enabled
Single Logout URL (where <hostname> is the host that Turbonomic runs on) https://<hostname>/vmturbo/rest/logout
SP Issuer turbo
Signature Certificate Example.cer (CN=apollo)
authnContextClassRef PasswordProtectedTransport
Honor Force Authentication Yes
SAML Issuer ID http://www.okta.com/$(org.externalKey)

SAML group attribute statements

Name Name format Filter
group Unspecified Matches regex:.*admin.*.