Users
...
SSO
SSO Providers

Okta Integration

17min

Steps to Obtain Metadata from Okta: Log in to Okta Admin Console: Go to the Okta admin panel and select the application you’re integrating.

Download Metadata: Look for an option to download the SAML metadata XML file. This file contains all the necessary details you’ll need to fill out in your software.

Extract Information: Open the metadata file in a text editor and locate the required fields as outlined above.

Once you’ve filled out all these details in your software, you should be able to connect the application to Okta via SAML. Be sure to test the connection to verify that authentication is working correctly.

Follow the below step-by-step Okta walk-through and you'll be ready in no time πŸš€!

Step 1 | Logged in to Okta

  • Login to okta admin setup
    • Login will look something like the following:
      • https://<company-admin>.okta.com/admin/apps/active

Step 2 | Application

  • Go to "Application" navigation link listed on website's left
Document image
ο»Ώ

Step 3 | Select your Application

  • Select your application (in this case, I have chosen my application "Clearsquare Portal").

ο»Ώ

[Step 3] | Choose application
[Step 3]
ο»Ώ

Step 4 | General Tab

  • ο»Ώ

    [ Step 4 ] |General tab
    [Step 4]
    ο»Ώ

Step 5 | SAML Settings - Edit

  • Scroll down to the "SAML Settings" section and click the "Edit" button.
    • The blurred-out value is your server's API endpoint. This will be exactly the same as your Admin Portal's URL.
      • Example: admin-analytics.yoursubdomain.com
[Step 5] SAML Settings - Edit button
[Step 5]
ο»Ώ

Step 6 | Edit SAML Integration - Basic setup

  • You will be redirected to the "Edit SAML Integration" section.
    • Enter an "App name".
    • Upload an image for the "App logo" if you have one.
    • Then click on the "Next" button.
[Step 5] Edit SAML Integration - Basic setup
[Step 6]
ο»Ώ

Step 7 - Configure Single sign-on URL & Audience URI (SP Entity ID)

  • You will have been navigated to the "Configure SAML" tab.
    • Here we will add a Single sign-on URL and URI (SP Entity ID)
    • If the "Use this for Recipient URL and Destination URL" is not checked then make sure to select the box βœ… before continuing.

Examples

Single sign-on URL: https://admin-analytics.yoursubdomain.com/api/saml

Audience URI (SP Entity ID): https://admin-analytics.yoursubdomain.com

Default RelayState: Value should be blank. See Step 8 image.

Name ID format: Unspecified

Application username: Okta username

Update application username on: Create and update

Step 8 | Edit Advanced Settings

  • At the bottom of the screen you will see the "Show Advanced Settings".
    • Click that link to set up logout capabilities.
[Step 8] Edit Advanced Settings
[Step 8]
ο»Ώ

Step 9 | Enable Single Logout

  • Signature Certificate and Enable Single Logout (optional)
    • Upload β€œSignature Certificate” file (If required).
      • ο»ΏSee Logout setup video πŸ‘‰ [Coming Soon]ο»Ώ
    • β€œEnable Single Logout” by clicking on β€œAllow application to initiate Single Logout”.
      • ο»ΏSee Logout setup video πŸ‘‰ [Coming Soon] for more details.ο»Ώ

ο»Ώ

[Step 9] SSO setup Okta
[Step 9]
ο»Ώ

ο»Ώ

  • Setting SAML Attribute Statements (optional)ο»Ώ
    • This will allow for JIT provisioning of users to workspaces, groups, pages and any user-attribute-based filters based on what is provisioned in SSO.
    • Go to "Edit SAML Integration" -> "SAML Settings" -> "Attribute Statements" (optional)ο»Ώ

Name (Clearsquare)

Name format (optional)

Value (Okta)

user.firstName

Unspecified

user.firstName

user.lastName

Unspecified

user.lastName

user.email

Unspecified

user.email

user.username

Unspecified

user.login

ο»Ώuser.workspaceο»Ώ

ο»ΏUnspecifiedο»Ώ

ο»Ώuser.company_idο»Ώ

ο»Ώuser.groupο»Ώ

ο»ΏUnspecifiedο»Ώ

ο»Ώuser.role_idο»Ώ

ο»Ώ

Step 10 | Complete SAML Editing

  • After that scroll down and click on "Next" button.
  • You're all set here now click the "Finish" button.
[Step 10] Complete SAML Editing
[Step 10]
ο»Ώ

ο»Ώ

[Step 10] Complete SAML Editing
[Step 10]
ο»Ώ

Step 11 | SSO setup Okta

  • The next step places you on the "Sign On" tab.
    • Click the "Copy" to place the Metadata URL value on your clipboard.
[Step 11] SSO setup Okta
[Step 11]
ο»Ώ

Step 12 | Configure & Verify SSO Settings in the Admin Portal

  • Go to SSO Add section of the admin portal
    • Example link: https://admin-analytics.yoursubdomain.com/sso/add Β  Β  Β  Β 
[Step 12] Configure & Verify SSO Settings in the Admin Portal
[Step 12]
ο»Ώ

ο»Ώ