Search
K

Okta

Step by step guide on how to configure Okta SSO
Summary - Integrating with Okta SSO

Create application in Okta

As an admin, go to Applications -> Create App Integration and create a new SAML 2.0 integration:
In the step2 Configure SAML, add:
  1. 1.
    Get your "Organization ID" value from configure8 application in: Settings -> Organization -> Organization ID. Should be a hash string for instance: "7c4b66c9-22db-r2d2-8cea-126e781a5d42" .
    • Set the Single sign-on URL as "https://app.configure8.io/api/v1/auth/saml/7c4b66c9-22db-r2d2-8cea-126e781a5d42/callback", replacing with your Org ID.
  2. 2.
    Audience URI as "https://app.configure8.io".
  3. 3.
    Name ID format to EmailAddress.
  4. 4.
    Application username to Email.
  5. 5.
    Next.
Okta will ask for feedback in the step 3, but this is not relevant.
After you setup your configure8 application in Okta, you should see the following information in Sign-On tab:

Set up SSO in configure8

The information that is needed for Single Sign-on Setup can be found in More Details section:
Copy Sign on URL and Signing Certificate then go to configure8 SSO menu (Settings->Organization->SSO->Setup) and paste it on the Login URL and Signing Certificate:
After saving, you will be provided with a Sign-on URL for your users to login:
Next, generate the XML metadata for Okta configuration. You will need the following data from generated XML:
Edit you Application SAML configuration in Okta and double check the information provide before matches. Location as Single sign-on URL, entityID as Audience URI (SP Entity ID) and EmailAddress as Name ID format mapping.

Set up user attributes

In order to assign users correct email, you should ensure that one of the following requirements is fulfilled:

First option - User Name to email

Your Okta users' Username are set to their emails like this:

Second option - other attributes

Your Attribute Statements mapping has email mapping to user.email:
This is how Okta will pass the correct value as user email.
Important: FirstName and LastName have to be specified for correct mapping.
After configuring SAML, you can save changes in your Okta application and start using SSO.
Copyright © 2023 configure8, Inc. All rights reserved.