Okta | SAML

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This can be changed later.

 

2. Redirect Mode

Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.

 

3. Prepare IDP

Copy and save the Callback URL for later. You will need this when configuring Okta

 

Configure Okta

External

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.

Login to Okta as an admin user.

Go to Applications → Applications in the menu and choose Create App Integration.

Choose SAML 2.0 as Sign-in method and click Next.

 

Under General Settings enter a suitable App name and click Next.

 

Paste the Callback URL you kept from the KSSO setup wizard in the Single sign on URL and the Audience URI fields.

Then add the following attributes to the Attribute Statements list:

  • givenName with format Unspecified and value user.firstName

  • surname with format Unspecified and value user.lastName

  • email with format Unspecified and value user.email

Click Next.

Fill out appropriate background info for the Okta support team and click Finish.

On the next page, locate and click the View SAML setup instructions button. Its located in the bottom right part of the page.

 

 

This opens a page with SAML setup information.

Copy all the XML content from the IDP metadata text field, located under the Optional heading at the bottom of the page. You will need this content afterwards in the KSSO setup wizard.

Note that all content of the IDP metadata text field may not be visible without expanding the text field size.

You will lastly on the Okta side go to Assignment tab and assign the users and groups that should be allowed to log into this app using SAML.

Go back to the Kantega SSO setup wizard.

4. Metadata

Choose Paste metadata XML.

Paste the XML content you kept from the Okta app integration setup into the associated text field.

 

 

5. Redirect URL

No need to do anything. The Redirect URL is automatically fetched from the metadata you imported in the previous step.

 

6. Certificate

This step shows the certificate used to validate the SAML messages.

 

7. Summary

Check that everything looks good and submit your setup

 

Test

Test that the log in with Okta works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.