SSO Providers (SAML 2.0)

Juniper Apstra 5.1 supports SAML 2.0 for SSO between Juniper Apstra, Apstra Cloud Services, and Apstra Flow. Apstra supports several different SSO providers, but this guide documents the setup of SAML 2.0 SSO with Okta Workforce Identity Cloud for seamless SSO within the Juniper Apstra software suite.

Introduction

Juniper Apstra supports Security Assertion Markup Language (SAML) 2.0 for seamless single sign-on (SSO) between Juniper Apstra, Apstra Cloud Services (ACS), and Apstra Flow. SAML 2.0 allows authentication and authorization across different platforms and services. It establishes a “trust” relationship between the Service Provider (SP) and the Identity Provider (IdP). The IdP is the entity that authenticates each user. In the case of Juniper Apstra, the SPs are Juniper Apstra, ACS, and Apstra Flow. Juniper Apstra 5.1 uses Okta Workforce Identity Cloud as an IdP for SAML 2.0, but supports other SSO providers.

When a user tries to access an SP, they are redirected to the IdP (Okta) for authentication. If authentication succeeds, the IdP generates a signed SAML assertion and sends it to the SP, which then grants access. With SAML 2.0, users authenticate only once with the IdP and can then access multiple applications without re-entering credentials, improving the user experience. Set up your SAML 2.0 SSO provider with Okta, authenticate once, and seamlessly move between Juniper Apstra, ACS, and Apstra Flow.