Okta Integration

Connect IronWifi to Okta to let users authenticate to WiFi using their Okta credentials. This guide covers SAML setup for captive portals and RADIUS integration for WPA-Enterprise networks.

Prerequisites

  • Okta administrator account
  • IronWifi account with Connector access
  • Network connectivity between systems

Setting Up Okta SAML

Step 1: Create Okta Application

  1. Log in to the Okta Admin Console
  2. Navigate to Applications > Applications
  3. Click Create App Integration
  4. Select SAML 2.0
  5. Click Next

Step 2: Configure SAML Settings

General Settings:

  • App name: IronWifi
  • App logo: (optional)

SAML Settings:

| Field | Value |
|---|---|
| Single sign-on URL | {ACS URL from IronWifi} |
| Audience URI (SP Entity ID) | {Entity ID from IronWifi} |
| Name ID format | EmailAddress |
| Application username | Email |

Step 3: Attribute Statements

Configure attribute mappings:

| Name | Value |
|---|---|
| email | user.email |
| firstName | user.firstName |
| lastName | user.lastName |

Step 4: Download Metadata

  1. Click the Sign On tab
  2. Click Identity Provider metadata
  3. Save the XML file

Step 5: Configure IronWifi

  1. Navigate to Connectors > Add Connector
  2. Select Okta (SAML)
  3. Upload the metadata file
  4. Or enter manually:
    • IdP SSO URL
    • IdP Entity ID
    • X.509 Certificate
  5. Click Save

Step 6: Assign Users

In Okta:

  1. Go to the IronWifi application
  2. Click Assignments
  3. Assign users or groups

Setting Up Okta RADIUS

For WPA-Enterprise authentication via Okta:

Step 1: Enable RADIUS in Okta

  1. Navigate to Security > Delegated Authentication
  2. Enable RADIUS configuration
  3. Note the RADIUS server details

Step 2: Configure IronWifi Connector

  1. Navigate to Connectors
  2. Add an Okta connector
  3. Configure RADIUS forwarding:
    • Okta tenant URL
    • API token
    • RADIUS settings

Testing the Integration

SAML Testing

  1. Navigate to your Captive Portal URL
  2. Select Okta login
  3. Enter Okta credentials
  4. Verify successful authentication

RADIUS Testing

  1. Configure a device for WPA-Enterprise
  2. Enter Okta username/password
  3. Connect to the network
  4. Verify successful authentication

User Provisioning

Automatic Sync

Configure automatic user synchronization:

  1. In IronWifi, edit the Okta connector
  2. Enable Auto-sync
  3. Set sync interval
  4. Configure user filters
  5. Map attributes

Manual Import

Import users on demand:

  1. Navigate to the connector
  2. Click Sync Now
  3. Review imported users

Group Mapping

Map Okta groups to IronWifi groups:

  1. In connector settings, go to Group Mapping
  2. Add mappings:
    • Okta Group → IronWifi Group
  3. Save configuration
  4. Run sync

Troubleshooting

SAML Errors

Invalid Signature:

  • Verify certificate is correct
  • Check certificate hasn't expired
  • Ensure metadata is up to date

User Not Found:

  • Verify user is assigned to app in Okta
  • Check attribute mapping
  • Confirm name ID format

Sync Issues

No Users Imported:

  • Check API token permissions
  • Verify network connectivity
  • Review filter settings

Attribute Mismatch:

  • Verify attribute statements in Okta
  • Check attribute mapping in IronWifi

Best Practices

  1. Use groups - Manage access via Okta groups
  2. Regular sync - Keep users current
  3. Monitor logs - Watch for authentication failures
  4. Test thoroughly - Verify all authentication flows
  5. Document - Keep configuration details recorded