Authentication via Okta

Marek Chladny · February 3, 2021, 8:08pm

Hi,

Has anyone succeeded in implementing authentication using Okta?

Thanks.

JohnBClark · February 3, 2021, 8:22pm

I have no idea what Okta is. I don’t remember seeing anything about that in the supported interfaces.

Ok1993 · February 3, 2021, 8:26pm

I have seen few successful cases. Are you facing any issues ?

Marek Chladny · February 3, 2021, 9:08pm

Well, I don’t even know where and how to start with it Do you have any tutorial that you can share?

pperrier · February 5, 2021, 12:43pm

Hi.

I have done it before with Tableau. Although I don’t know how to do it with SAP BOBJ I suspect the steps would be quite similar. It’s via SAML authentication which is supported since SAP BI 4.2 SPsomething.

I’d advise looking at configuring BOBJ with SAML.

Good luck. When you find out how maybe you want to share your new knowledge here!

Take care.
Patrick

Marek Chladny · February 5, 2021, 7:18pm

Thanks. We will try it once we will be provided with infrastructure for our new cloud-based BOBJ systems.

bension · February 5, 2021, 10:47pm

For those who aren’t aware, okta is an identity provider.

I did use okta with 4.1 at my previous company, unfortunately I wasn’t involved in the setup. I do recall you need to have an enterprise account setup for each user (we also used BW so had to have a BW alias).

If you haven’t already seen this already try this linke:
https://answers.sap.com/questions/687837/okta-authentication-with-sap-bi-42-sp06.html

Marek Chladny · March 16, 2021, 4:00pm

Another interesting issue has popped up:
We have 2 groups of users - LDAP and SAP. WE need OKTA to be activated/triggered only for the LDAP users, not for the SAP users. Do you have an idea how to implement it? Is it possible to configure 2 sets of URLs or BOBJ applications (CMC, Launchpad, Fiori Launchpad, OpenDocument), one for LDAP users (with OKTA) and for SAP users (with no OKTA)?

Thank you.

JohnBClark · March 16, 2021, 5:51pm

While I haven’t done anything like this, I have been thinking about something similar, I want to host the web front end for our non-production environments on the same set of web servers.

I think you should certainly be able to deploy a second set of files for a separate url. I would think this would be a use of wdeploy to deploy the webapp files to a new directory.

What I don’t know is how the directory end of things would need to be configured in the web server (we use Tomcat).

What I also don’t know in your case, is what may need to be configured differently for your two log in scenarios that might be in a common area for the web server. This could be overcome though by using separate web servers.

I know this isn’t much but I already had some thoughts similar to this.