BookmarkSubscribeRSS Feed

Using Okta as the Identity Provider for SAS Viya Workbench

Started 2 weeks ago by
Modified 2 weeks ago by
Views 226

SAS Viya Workbench requires an OpenID Connect compliant Identity Provider to authenticate users.

 

This article shows how to create an Okta App registration, and how to configure SAS Viya Workbench to use it.

 

The steps below can be performed after the tasks described in Starting with SAS Viya Workbench are completed, and an Administrator can access the SAS Viya Workbench Organization Administration page.

 

1) Configure a Domain

  • Let's start the configuration by adding a domain. This is needed so that users can be directed to the Identity Provider that will be configured based on their email address.
  • In the SAS Viya Workbench Organization Administration page, click New Domain.
ok1-wbnd.png

 

 

  • Add a domain for your organization so that SAS Viya Workbench can properly direct users to your Identity Provider based on the user's email address.

ok2-wbd.png

Important: The domain above is just an example. Add only domains you control for this configuration.

 

  • Click OK.
ok3-wbdok.png

 

2) Create an App.

  • Log into the Okta portal as an Admin and create the application.
  • Make sure you select OIDC - OpenID Connect as the Sign-in method and Web Application as the Application type.
  • Provide the required details such as the app integration name and the app assignments (to control who will be able to use it).
    • Don't worry about configuring the redirect URIs for now - this will be done later.

 

3) Start creating the SSO connection.

  • In the SAS Viya Workbench Organization Administration page, switch to the Authentication tab and click New SSO Connection.
ok4-wbnc.png

 

4) Give the connection a meaningful name.

 

ok5-wbncn.png

 

5) Configure credentials

  • Client Id.

Okta Console

Workbench Organization Admin

Navigate to your App -> General -> Client Credentials and copy the Client ID value.

Paste it under Credentials -> Client id in the SAS Viya Workbench SSO connection configuration.
ok6-ccid.png

ok7-pcid.png

 

  • Client Secret.

Okta Console

Workbench Organization Admin

Navigate to your App -> General -> CLIENT SECRETS. Generate a new secret if needed. Copy the secret's value.

Paste it under Credentials -> Client secret in the SAS Viya Workbench SSO connection configuration.

ok8-ccs.png

ok9-pcs.png

 

 

5) Configure the App for authentication.

  • Go back to the SAS Viya Workbench SSO connection configuration page and click the copy button for the Login redirect URI:
ok10-wbru.png
  • In the Okta Console, navigate to your App -> General Settings, and click Edit.
ok11-edit.png

 

  • Scroll down to LOGIN -> Sign-in redirect URIs, click + Add URI and paste the Redirect URI you copied above.

 

ok12-siru.png

 

  • Scroll down to Sign-out redirect URIs, click + Add URI.
  • Paste the Redirect URI you copied above and append /logout_response to it.
ok13-soru.png

 

  • Save the changes.

 

6) Import the App configuration.

  • Click Import from URL next to Configuration in the SAS Viya Workbench SSO connection configuration.
hedanc_0-1723154170272.png

 

  • Provide the OpenID Connect metadata document URL.
Okta Workbench Organization Admin
Find your OpenID Connect Metadata URL. Paste the URL and click Import.

This is typically 

https://{yourOktaOrg}/.well-known/openid-configuration?client_id={your app client id}

 

For more information, please see here: https://developer.okta.com/docs/concepts/auth-servers/#discovery-endpoints-org-authorization-servers

 

ok14-wnc.png

 

  • The OpenID Configuration should be populated based on the URL you provided.
ok15-cf.png

 

  • Scroll down towards the end of the JSON, and add the following config: "defaultScope":"openid profile email". Don't forget the comma before as this must be valid JSON.
ok16-ds.png


7) Save the configuration.

  • This is what your New SSO Connection dialog should look like. Click OK.
ok17-full.png

 

 

8 )Login as an Idp user.

  • Logoff as the Organization Administrator user: Click the top right icon and then Sign out.
  • Login as a user that exists in the App registration tenant.
  • You will be redirected to Okta for authentication (if you are not already authenticated).
  • The user will be presented the SAS Viya Workbench home page. This indicates a successful login.
hedanc_8-1723177467454.png

 

That's it. Now users can start Using SAS Viya Workbench.

Version history
Last update:
2 weeks ago
Updated by:
Contributors

sas-innovate-wordmark-2025-midnight.png

Register Today!

Join us for SAS Innovate 2025, our biggest and most exciting global event of the year, in Orlando, FL, from May 6-9. Sign up by March 14 for just $795.


Register now!

Article Tags