Authenticating SAML

If Okta is configured to use AD as its source directory, and Privileged Access Service can see the same directory through the connector, choose one of the following:

  • Set up groups in Okta, add AD groups as members, and set up group mapping in the SAML partnership.

  • Do not create groups in Okta; instead, configure Delinea PAS to look up the user in AD/LDAP and use the directory groups for permissions/rights within Delinea PAS. Choose one of the following lookup behaviors:

      • Force the lookup. If the user is not found in the directory, reject the login.

      • Try the lookup and use the directory groups if present, but do not reject the login if the user is not found.

  • Add groups from Okta into roles to grant permissions/rights within Delinea PAS.
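The three group-resolution behaviors above, modeled as a small decision function. This is an added illustration, not Delinea or Okta code; the mode names, the in-memory directory and the user identifiers are constructed for the example. Note the practical difference between the two lookup behaviors: a forced lookup rejects an unknown user, while an optional lookup admits the user with no directory groups and therefore no rights.

```python
from dataclasses import dataclass, field
from enum import Enum


class LookupMode(Enum):
    OKTA_GROUPS = "okta_groups"        # groups come from the SAML assertion (Okta groups / roles)
    FORCE_LOOKUP = "force_lookup"      # AD/LDAP lookup required; reject if the user is not found
    OPTIONAL_LOOKUP = "optional"       # use AD/LDAP groups if found; never reject on a miss


# Constructed stand-in for the AD/LDAP directory seen through the connector (hypothetical data).
DIRECTORY = {
    "alice@corp.example": ["PAS-Admins", "VaultUsers"],
    "bob@corp.example": [],
}


@dataclass
class LoginResult:
    accepted: bool
    groups: list[str] = field(default_factory=list)
    reason: str = ""


def resolve_login(subject: str, saml_groups: list[str], mode: LookupMode) -> LoginResult:
    """Decide whether a SAML-authenticated subject is admitted and which groups drive its rights."""
    if mode is LookupMode.OKTA_GROUPS:
        # Option 1/3: rights are derived from the groups Okta sends in the assertion.
        return LoginResult(True, list(saml_groups), "groups mapped from SAML assertion")

    ad_groups = DIRECTORY.get(subject)
    if ad_groups is None:
        if mode is LookupMode.FORCE_LOOKUP:
            return LoginResult(False, [], "subject not found in directory; login rejected")
        # Optional lookup: the login succeeds, but with no directory groups the user has no rights.
        return LoginResult(True, [], "subject not in directory; no groups granted")

    # Directory hit: use the directory groups, ignoring any groups in the SAML assertion.
    return LoginResult(True, list(ad_groups), "groups from directory lookup")
```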

To customize the login session timeout value for user accounts federated from Okta to Delinea PAS, contact Delinea Support. This value sets the duration of the user's login session; suggested values are 4 hours, 8 hours, etc.