Okta Integration
Steps to Obtain Metadata from Okta:
Log in to Okta Admin Console: Go to the Okta admin panel and select the application you're integrating.
Download Metadata: Look for an option to download the SAML metadata XML file. This file contains all the necessary details you'll need to fill out in your software.
Extract Information: Open the metadata file in a text editor and locate the required fields as outlined above.
Once you've filled out all these details in your software, you should be able to connect the application to Okta via SAML. Be sure to test the connection to verify that authentication is working correctly.
Follow the step-by-step Okta walk-through below and you'll be ready in no time!
- Log in to the Okta admin setup.
- The login URL will look something like the following:
- https://<company-admin>.okta.com/admin/apps/active
- Go to the "Application" navigation link on the left side of the site.
- Select your application (in this case, I have chosen my application "Clearsquare Portal").
- Scroll down to the "SAML Settings" section and click the "Edit" button.
- The blurred-out value is your server's API endpoint. This will be exactly the same as your Admin Portal's URL.
- Example: admin-analytics.yoursubdomain.com
- You will be redirected to the "Edit SAML Integration" section.
- Enter an "App name".
- Upload an image for the "App logo" if you have one.
- Then click on the "Next" button.
- You will be taken to the "Configure SAML" tab.
- Here we will add a Single sign-on URL and Audience URI (SP Entity ID).
- If the "Use this for Recipient URL and Destination URL" box is not checked, make sure to select it before continuing.
Single sign-on URL: https://admin-analytics.yoursubdomain.com/api/saml
Audience URI (SP Entity ID): https://admin-analytics.yoursubdomain.com
Default RelayState: Value should be blank. See Step 8 image.
Name ID format: Unspecified
Application username: Okta username
Update application username on: Create and update
- At the bottom of the screen you will see the "Show Advanced Settings" link.
- Click that link to set up logout capabilities.
- Signature Certificate and Enable Single Logout (optional)
- Upload the "Signature Certificate" file (if required).
- See Logout setup video [Coming Soon]
- "Enable Single Logout" by clicking on "Allow application to initiate Single Logout".
- See Logout setup video [Coming Soon] for more details.
Single Logout URL: https://admin-analytics.yoursubdomain.com/api/logout/callback
SP Issuer: https://admin-analytics.yoursubdomain.com
- Setting SAML Attribute Statements (optional)
- This will allow for JIT provisioning of users to workspaces, groups, pages and any user-attribute-based filters based on what is provisioned in SSO.
- Go to "Edit SAML Integration" -> "SAML Settings" -> "Attribute Statements" (optional)
Name (Clearsquare) | Name format (optional) | Value (Okta) |
user.firstName | Unspecified | user.firstName |
user.lastName | Unspecified | user.lastName |
user.email | Unspecified | user.email |
user.username | Unspecified | user.login |
user.workspace | Unspecified | user.company_id |
user.group | Unspecified | user.role_id |
- After that, scroll down and click the "Next" button.
- You're all set here; now click the "Finish" button.
- The next step places you on the "Sign On" tab.
- Click "Copy" to place the Metadata URL value on your clipboard.
- Go to the SSO Add section of the admin portal.
- Example link: https://admin-analytics.yoursubdomain.com/sso/add