Okta

Map groups to Lenses

Groups are case-sensitive and mapped by name with Okta

Integrate your user-groups with Lenses using the Okta group names. Create a group in Lenses using the same case-sensitive group name as in Okta.

For example, if the Engineers group is available in Okta, create a group with the same name:

The above group will match all the users in the equivalent Okta group:

Learn how to set data permissions for users and service accounts using Apache Kafka and Okta.

Set up Okta IdP

Lenses is available directly in Okta’s Application catalog.

Add application in the Catalog

Go to Applications > Applications
Click Browse App Catalog
Search for Lenses
Select Lenses
Add Lenses by pressing Add Integration

Set General Settings

App label: Lenses
Set the base url of your lenses installation e.g. https://lenses-dev.example.com
Click Done

Setup the Lenses SSO app

Setup is needed for Okta to provide user’s groups information.

Go to Applications > Applications > Lenses.io
Click Sign On tab
Change setting groups to Matches regex winth value .*.

Download idP XML metadata

Download the Metadata XML file with the Okta IdP details.

Go to Sign On tab > Settings > SAML 2.0 > Metadata details
Use provided URL and download the XML data to OktaIDPMetadata.xml
You will reference this file’s path in the security.conf configuration file.

lenses.security.saml.idp.metadata.file="/path/to/OktaIDPMetadata.xml"

Configure Lenses

Given the downloaded metadata file and a keystore, add the following configuration to security.conf:

lenses.security.saml.base.url="https://lenses-dev.example.com"
lenses.security.saml.idp.provider="okta"
lenses.security.saml.idp.metadata.file="/path/to/OktaIDPMetadata.xml"
lenses.security.saml.keystore.location = "/path/to/keystore.jks"
lenses.security.saml.keystore.password = "my_keystore_password"
lenses.security.saml.key.password = "my_saml_key_password"

Learn more about SSO with SAML in Okta documentation.

See all SSO options.