close
keyboard_arrow_left
Table of Contents
- play_arrow Getting Started
- play_arrow Blueprints
- play_arrow Blueprint Analytics
- What are Blueprint Analytics
- play_arrow Dashboards
- What are Blueprint Analytics Dashboards
- Configure Auto-Enabled Blueprint Analytics Dashboards
- Instantiate Predefined Blueprint Analytics Dashboard
- play_arrow Predefined Dashboards
- Create Blueprint Analytics Dashboard
- Export Blueprint Analytics Dashboard
- Import Blueprint Analytics Dashboard
- Update Blueprint Analytics Dashboard
- Delete Blueprint Analytics Dashboard
- play_arrow Anomalies
- play_arrow Probes
- What are Probes
- Show Context Patterns
- Instantiate Predefined Probe
- play_arrow Predefined Probes
- Probe: BGP Monitoring
- Bandwidth Utilization Probe
- Critical Services: Utilization, Trending, Alerting Probe
- Device Environmental Checks Probe
- Device System Health Probe
- Device Telemetry Health Probe
- Device Traffic Probe
- Drain Traffic Anomaly Probe
- ECMP Imbalance (External Interfaces) Probe
- ECMP Imbalance (Fabric Interfaces) Probe
- ECMP Imbalance (Spine to Superspine Interfaces) Probe
- ESI Imbalance Probe
- EVPN Host Flapping Probe
- EVPN VXLAN Type-3 Route Validation Probe
- EVPN VXLAN Type-5 Route Validation Probe
- External Routes Probe
- Hot/Cold Interface Counters (Fabric Interfaces) Probe
- Hot/Cold Interface Counters (Specific Interfaces) Probe
- Hot/Cold Interface Counters (Spine to Superspine Interfaces) Probe
- Hypervisor and Fabric LAG Config Mismatch Probe (Virtual Infra) Probe
- Hypervisor and Fabric VLAN Config Mismatch Probe
- Hypervisor MTU Mismatch Probe (Virtual Infra - NSX-T Only)
- Hypervisor MTU Threshold Check Probe (Virtual Infra)
- Hypervisor Missing LLDP Config Probe (Virtual Infra)
- Hypervisor Redundancy Checks Probe (Virtual Infra)
- Interface Flapping (Fabric Interfaces) Probe
- Interface Flapping (Specific Interfaces) Probe
- Interface Flapping (Spine to Superspine Interfaces) Probe
- Interface Policy 802.1x Probe
- LAG Imbalance Probe
- Leafs Hosting Critical Services: Utilization, Trending, Alerting Probe
- Link Fault Tolerance in Leaf and Access LAGs Probe
- MAC Monitor Probe
- MLAG Imbalance Probe
- Multiagent Detector Probe
- Optical Transceivers Probe
- Packet Discard Percentage Probe
- Spine Fault Tolerance Probe
- Total East/West Traffic Probe
- VMs without Fabric Configured VLANs Probe (Virtual Infra) Probe
- VXLAN Flood List Validation Probe
- Create Probe
- play_arrow Probe Processors
- Accumulate Processor
- Average Processor
- BGP Session Processor
- Comparison Processor
- Environment Processor
- EVPN Type 3 Processor
- EVPN Type 5 Processor
- Extensible Service Collector Processor
- Generic Graph Collector Processor
- Generic Service Data Collector Processor
- Interface Counters Processor
- Logical Operator Processor
- MAC Processor
- Match Count Processor
- Match Percentage Processor
- Match String Processor
- Max Processor
- Min Processor
- Optical Threshold Processor
- Optical Xcvr Processor
- Periodic Average Processor
- Periodic Change Processor
- Range Processor
- Ratio Processor
- Service Collector Processor
- Set Comparison Processor
- Set Count Processor
- Standard Deviation Processor
- State Processor
- Subtract Processor
- Sum Processor
- System Utilization Processor
- Telemetry Service Health Processor
- Time in State Processor
- Traffic Monitor Processor
- Union Processor
- VXLAN Floodlist Processor
- Import Probe
- Update Probe
- Export Probe
- Delete Probe
- play_arrow Predefined Reports
- play_arrow Root Causes
- play_arrow Staged Datacenter Blueprints
- play_arrow Physical
- play_arrow Build
- play_arrow Topology
- play_arrow Nodes
- Nodes (Datacenter)
- Create Access Switch
- Delete Node
- Update Deploy Mode (Datacenter)
- Unassign Device (Datacenter)
- Execute CLI Show Command (Data Center Blueprint)
- play_arrow Change Hostnames / Names
- Change Assigned Interface Map
- Change Assigned ASN (Datacenter)
- Change Assigned Loopback IP Address (Datacenter)
- Edit Device Properties (Datacenter)
- Update Port Channel ID Range
- View Node's Static Routes
- play_arrow Generic Systems (Internal/External)
- play_arrow Links
- Links (Datacenter)
- play_arrow Add Links
- play_arrow Cabling Map
- play_arrow Link Speeds
- play_arrow LAG
- Change Assigned Link IP Addresses (Datacenter)
- Update Link Properties
- Fetch LLDP Data (Datacenter)
- Delete Link (Datacenter)
- play_arrow Interfaces
- play_arrow Racks
- play_arrow Pods
- play_arrow Planes
-
- play_arrow Virtual
- play_arrow Virtual Networks
- What are Virtual Networks
- Create Virtual Network
- Update Virtual Network Resource Assignments
- Reset Virtual Network Resource Group Override
- Import Virtual Network
- Export Virtual Network to CSV File
- Update Virtual Network Assignments
- Move Virtual Network to Different Routing Zone
- Change Virtual Network Description
- Change Virtual Network Details
- Delete Virtual Network
- play_arrow Routing Zones
- play_arrow Static Routes
- play_arrow Protocol Sessions
- play_arrow Virtual Infrastructure
-
- play_arrow Policies
- play_arrow Endpoints
- play_arrow Security Policies
- play_arrow Interface Policies
- play_arrow Routing Policies
- play_arrow Routing Zone Constraints
- play_arrow Tenants
-
- play_arrow Data Center Interconnect (DCI)
- play_arrow Integrated Interconnect
- play_arrow Over the Top or External Gateways
- play_arrow Settings
- Update ESI MAC msb
-
- play_arrow Catalog
- play_arrow Logical Devices
- play_arrow Interface Maps
- play_arrow Property Sets
- play_arrow Configlets
- play_arrow AAA Servers
- play_arrow Tags
-
- play_arrow Tasks
- play_arrow Connectivity Templates
- Connectivity Templates Introduction
- play_arrow Primitives
- Virtual Network (Single) Primitive
- Virtual Network (Multiple) Primitive
- IP Link Primitive
- Static Route Primitive
- Custom Static Route Primitive
- BGP Peering (IP Endpoint) Primitive
- BGP Peering (Generic System) Primitive
- Dynamic BGP Peering Primitive
- Routing Policy Primitive
- Routing Zone Constraint Primitive
- User-defined
- Pre-defined
- Create Connectivity Template for Multiple VNs on Same Interface (Example)
- Create Connectivity Template for Layer 2 Connected External Router (Example)
- Update Connectivity Template Assignments
- Update Connectivity Template
- Delete Connectivity Template
- play_arrow Fabric Settings
- play_arrow Fabric Policy
- play_arrow Severity Preferences
-
-
- play_arrow Staged Freeform Blueprints
- Freeform Introduction
- play_arrow Blueprints
- play_arrow Physical
- play_arrow Selection
- play_arrow Topology
- play_arrow Systems
- Systems Introduction (Freeform)
- Create Internal System (Freeform)
- Create External System (Freeform)
- Update Assigned Config Template(Freeform)
- Update System Name (Freeform)
- Update Hostname (Freeform)
- Change Assigned Device Profile (Freeform)
- Update System ID Assignment (Freeform)
- Update Deploy Mode (Freeform)
- Add/Remove System Tags (Freeform)
- Delete System (Freeform)
- Device Context (Freeform)
- play_arrow Links
-
- play_arrow Resource Management
- Resource Management Introduction (Freeform)
- play_arrow Blueprint Resources
- play_arrow Allocation Groups
- play_arrow Local Pools
- play_arrow Catalog (Freeform)
- play_arrow Config Templates
- play_arrow Device Profiles
- play_arrow Property Sets
- play_arrow Tags
-
- play_arrow Tasks
- play_arrow Uncommitted Blueprints
- play_arrow Active Datacenter Blueprints
- play_arrow Time Voyager (Blueprints)
- play_arrow Devices
- Device Configuration Lifecycle
- What are Managed Devices
- Add Managed Device
- Drain Device Traffic
- Upgrade Device NOS
- Device AAA
- play_arrow Device
- play_arrow Agent
- play_arrow Pristine Config
- play_arrow Telemetry
- play_arrow Apstra ZTP
- What is Apstra ZTP
- Create User Profile for Communicating with ZTP Server
- Download and Deploy Apstra ZTP Server VM
- Configure Static Management IP Address for Apstra ZTP Server
- Replace SSL Certificate for Apstra ZTP Server GUI
- Create Vendor-specific Custom Configuration
- Configure Credentials for Apstra ZTP Server GUI
- Configure Apstra Server Connection Details
- Configure DHCP Server for Apstra ZTP
- ztp.json Keys
- Configure ztp.json with Configurator
- Configure ztp.json with CLI
- Show Apstra ZTP Logs
- Onboard Devices with Apstra ZTP
- Check ZTP Status of Devices and Services
- Reset Apstra ZTP GUI Admin Password
- Authenticate User (AZTP REST API)
- play_arrow Device Profiles
- play_arrow Design
- play_arrow Logical Devices
- play_arrow Interface Maps
- play_arrow Rack Types
- play_arrow Templates
- play_arrow Config Templates (Freeform)
- play_arrow Configlets (Datacenter)
- play_arrow Property Sets (Datacenter)
- play_arrow TCP/UDP Ports
- play_arrow Tags
-
- play_arrow Resources
- play_arrow Telemetry Analytics
- Analytics Telemetry Services
- Analytics Telemetry Service Registry
- Create Telemetry Service Schema
- Telemetry Collection Statistics
- Telemetry Streaming
- Apstra Telemetry Streaming Plugin for Telegraf
- Route Anomalies for a Host - Example
- Juniper Telemetry Commands
- Cisco Telemetry Commands
- Arista Telemetry Commands
- Linux Server Telemetry Command
- Debugging Telemetry
- play_arrow Flow Analytics
- play_arrow Apstra Flow Overview
- play_arrow Dashboards
- play_arrow Supported Flow Records
- play_arrow Flow Enrichment
- play_arrow Monitor Apstra Flow
- play_arrow Configuration Reference
- play_arrow API
- play_arrow Additional Documentation
- play_arrow Knowledge Base
-
- play_arrow Exploratory Analytics
- play_arrow Platform
- play_arrow User Management
- play_arrow Security
- play_arrow External Services
- play_arrow Streaming
- Event Log (Audit Log)
- Licenses
- play_arrow Apstra Edge
- play_arrow Apstra VM Clusters
- play_arrow Developers
- play_arrow Technical Support
- Check Apstra Versions and Patent Numbers
-
- play_arrow Favorites & User
- play_arrow Apstra Server Management
- Apstra Server Introduction
- Monitor Apstra Server via CLI
- Restart Apstra Server
- Reset Apstra Server VM Password
- Reinstall Apstra Server
- Apstra Database Overview
- Back up Apstra Database
- Restore Apstra Database
- Reset Apstra Database
- Migrate Apstra Database
- Replace SSL Certificate on Apstra Server with Signed One
- Replace SSL Certificate on Apstra Server with Self-Signed One
- Change Apstra Server Hostname
- FIPS 140-2 Support
- play_arrow Apstra CLI Utility
- play_arrow Guides
- play_arrow References
list Table of Contents
Configure SAML 2.0 SSO
date_range
21-Mar-25
This document walks you through the process of setting up SAML 2.0 Single-Sign On (SSO) for Juniper Apstra. This process uses Okta as the Identity Provider (IdP), but Juniper Apstra supports other IdPs such as Active Directory or Google Ping.
Create an SSO Provider Role Mapping
- Enter a group name that you want to have admin privileges. In this example,
we enter "admin_group".
This admin role maps to the corresponding group we create within Okta.
Create a New App Integration in Okta
Follow these steps to set up Juniper Apstra as an app
integration to work with Okta. Configure SAML 2.0 and SSO parameters for the desired
SSO behavior.
- From the Juniper Apstra GUI, select the External Systems dropdown
> Providers > SSO Providers > Create SSO
Provider. The Create SSO Provider window displays.
- From your Okta dashboard, select the Applications dropdown >
Applications > Create App Integration. The Create a new app window displays.
- Add group attribute statements for Apstra to recognize. For example, you might only want groups with an “admin_” prefix to be able to authenticate.
- To verify that SSO is configured, log out of Juniper Apstra. A Sign in with
SSO link should display in the login screen.
Assign Your New Okta Integration to Users
Assign users to your Juniper Apstra app integration
with Okta.
- Click the Assign dropdown > Assign to People.
The Assign to People window displays.
Assign Your New Okta Integration to User Groups
Assign groups of users to the Juniper Apstra app
integration with Okta.
- (Optional) To verify and edit specific People or Group assignments, select
the Directory dropdown, then select the People or Group
tab and click the username or user group you want to edit.
