Okta configuration as IdP for SAML
  • 12 Nov 2020

Okta is an Identity Provider (IdP) used by many service providers. Setup and configuration are straightforward. An Okta account must be created first.
In Document360, only the account owner or an administrator can configure Enterprise SSO for a project.

Note

Keep the Document360 Enterprise SSO page open in a different tab. You will need to retrieve certain field values from it during the setup.

Okta Signup

  1. Sign up for the Okta developer console at https://developer.okta.com/signup/
  2. After sign-up, you will receive an email with your login credentials and an account activation link at the address provided during sign-up
  3. Click on the activation link and you will be redirected to your Okta domain login page
  4. Log in with your credentials
  5. On successful login, the Dashboard is displayed on the Okta developer console domain.

Adding an application

To configure an application in Okta, the user must first create a new application.

  1. The default dashboard is the Developer console. It has to be changed to Classic UI

  2. In the top left corner of the page, there is a dropdown to toggle between the dashboards

  3. To create a new application, go to the Applications menu and click on Applications in the drop-down

  4. Now click on the Add application button in the window

  5. On the Add Application page, click on the Create New App button

  6. In the Create a New Application Integration overlay window, select Web as the platform from the dropdown

  7. For the Sign on method, select SAML 2.0 and click on the Create button

Creating a SAML integration

In Okta, the user now lands on the Create SAML Integration page.

  1. On the General Settings page, enter the name of your new application in the App name field
  2. Optionally, browse and upload a logo for your application in the Add Logo field; it is not mandatory
  3. Under App visibility, you can choose either or both of the options depending on your requirement
  4. Click on the Next button

  1. On the SAML Settings page, the user has to fill in the parameters provided by Document360
  2. Head back to the Document360 Enterprise SSO page and open the SAML tab

  1. The Callback path provided should be entered in the Single sign on URL field on the Okta SAML settings page
  2. Similarly, the Service Provider Entity Id should be entered in the Audience URI (SP Entity ID) field on the Okta SAML settings page

  1. The next field, Default RelayState, identifies a specific application resource in an IdP-initiated SSO. This field can be left blank

  2. For the Name ID Format field, select EmailAddress from the drop-down

  3. The Application username is set to Okta username by default. Change it to Email from the drop-down

  4. The Attribute Statements field lets you define custom attribute statements when you create a new SAML integration or modify an existing one

  5. These statements are inserted into the SAML assertions shared with your app.

| Name | Name format | Value |
| --- | --- | --- |
| urn:oasis:names:tc:SAML:2.0:nameid | URI Reference | user.email |
| name | Unspecified | user.email |
| email | Unspecified | user.email |

Info

Add urn:oasis:names:tc:SAML:2.0:nameid in the Name field, URI Reference as the Name format, and user.email as the value

Click the Add Another button and add

  • name in the Name field, Unspecified in the Name format, and user.email as the value
  • email in the Name field, Unspecified in the Name format, and user.email as the value

  1. The Group Attribute Statements field applies if you use groups to categorize users: you can add group attribute statements to the SAML assertion shared with your app. However, this is optional.

  2. Now click on the Next button at the end of the page

  3. Under Are you a customer or partner?, select the relevant option. (If you're unsure about this, you can select "I'm an Okta customer adding an internal app" and skip filling out the fields.)

  4. Click on Finish

You’ve created an application on the Okta platform that can be configured with the service provider.
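To confirm that the settings above took effect, the following added example (not Document360 or Okta code) checks a decoded assertion against the Name ID Format, Audience URI, Single sign on URL and the three attribute statements configured in this guide. The SP entity ID, callback URL, user and sample assertion are constructed placeholders; the URNs are the standard SAML identifiers for EmailAddress, URI Reference and Unspecified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
# Attribute statements from the table in this guide: Name -> expected NameFormat
EXPECTED = {"urn:oasis:names:tc:SAML:2.0:nameid": FMT + "uri",
            "name": FMT + "unspecified", "email": FMT + "unspecified"}

def check_assertion(xml_text, sp_entity_id, callback_url):
    """List mismatches between an assertion and this guide's settings. Layout check
    only: signatures are not verified; ElementTree is not hardened for hostile XML."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID Format is not EmailAddress")
    email = (name_id.text or "").strip() if name_id is not None else ""
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audiences != [sp_entity_id]:
        problems.append("Audience does not match Service Provider Entity Id")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != callback_url:
        problems.append("Recipient does not match Callback path")
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    for name, name_format in EXPECTED.items():
        attr = attrs.get(name)
        if attr is None:
            problems.append(f"missing attribute {name}")
            continue
        if attr.get("NameFormat") != name_format:
            problems.append(f"wrong NameFormat on {name}")
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        if not email or value.strip() != email:
            problems.append(f"{name} does not carry user.email")
    return problems

# Constructed sample values (placeholders, not from Document360 or Okta).
SP_ENTITY_ID = "https://sp.example.test/saml"
CALLBACK = "https://sp.example.test/saml/callback"
_ATTR = ('<saml:Attribute Name="{0}" NameFormat="{1}"><saml:AttributeValue>'
         'alice@example.test</saml:AttributeValue></saml:Attribute>')
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>'
    f'<saml:NameID Format="{EMAIL_FMT}">alice@example.test</saml:NameID>'
    f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{CALLBACK}"/>'
    '</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
    f'<saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
    '</saml:Conditions><saml:AttributeStatement>'
    + "".join(_ATTR.format(n, f) for n, f in EXPECTED.items())
    + '</saml:AttributeStatement></saml:Assertion>')
```

An empty list from `check_assertion(SAMPLE, SP_ENTITY_ID, CALLBACK)` means the assertion layout matches the guide; each string in a non-empty list names the setting to recheck in the Okta SAML settings page.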