Okta | SAML

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This can be changed later.

 

2. Redirect Mode

Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.

 

3. Prepare IDP

Copy and save the Reply URL for later. You will need this when configuring Okta.

 

Configure Okta

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.

Login to Okta as an admin user.

Go to Applications → Applications in the menu and choose Browse App Catalog.

 

Sarch for Kantega and then select Kantega SSO.

Then click the Add integration button.

General Settings

Enter an appropriate Application label in General Settings.

Click Next.

Sign-on Options

Choose SAML 2.0 as Sign on method.

 

 

Copy and keep the Metadata URL from the Metadata details section. You will need this later when you continue Identity Provider setup in KSSO.

Go to the Advanced Sign-on Settings section.

Paste the Reply URL you copied from Kantega SSO Identity provider setup (step Prepare IDP) into the SAML ACS URL field (in Okta).

Click Save

 

Go to the Assignment tab and assign the users and groups that should be allowed to log into this app using SAML.

 

Go back to the Kantega SSO setup wizard.

4. Metadata

Choose Metadata XML. file published online (URL)

Paste the metadata URL you kept from the Okta app integration setup into the associated text field.

5. Redirect URL

No need to do anything. The Redirect URL is automatically fetched from the metadata you imported in the previous step.

 

6. Certificate

This step shows the certificate used to validate the SAML messages.

 

 

7. Summary

Check that everything looks good and submit your setup

 

Test

Test that log in with Okta works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.