Single Sign-On for Tanzu 1.16

1.16 1.15 1.14

Configuring a Single Sign-On Service Provider

Last Updated February 24, 2025

This topic tells you how to add an external identity provider to your Single Sign‑On for VMware Tanzu service plan.

Setting up SAML

  1. Log in to the SSO Operator Dashboard at https://p-identity.SYSTEM-DOMAIN as a Plan Administrator.

  2. Select your plan and click Manage Identity Providers on the dropdown.

    The Plans pane. In the dropdown menu for the plan Okta PCF SSO, the option Manage Identity Providers is highlighted.

  3. Click New Identity Provider to create a new identity provider.

    The New Identity Provider Pane.

  4. To create a new identity provider, perform the following steps:

    1. Enter an identity provider name into Identity Provider Name.
    2. (Optional) Enter a description into Identity Provider Description.

    3. Specify Identity Provider Metadata from step 11 of the Configure Okta as an Identity Provider topic.

      1. Option 1: Enter your Input Identity Provider Metadata URL and Fetch Metadata to fetch your identity provider metadata from an endpoint.
      2. Option 2: Click SAML File Metadata (optional) to upload your metadata XML manually.

    4. (Optional) Under Advanced SAML Settings, click Attribute Mappings to enter the mappings.

  5. Click Create Identity Provider.

  6. Click Resource Permissions.

  7. Click New Permissions Mapping and perform the following steps:

    1. Enter a Group Name.
    2. For Select Permissions, select the permissions that the members of the group from the external identity provider should have access to.

  8. Navigate to the identity provider list.

  9. Click Group Whitelist and enter the group names from the external identity provider that should be propagated in the ID token.