SSO is an Enterprise-only feature. To configure SSO, you MUST contact your Osano Support Representative
Jump to instructions for: SAML or Openid
Configuring Okta for SSO via Openid
- Log in to Okta as an administrator.
- Within the top banner, make sure that Classic UI is selected from the drop-down menu.
- Go to Applications from the top menu.
- Click Add Application.
- Click Create New App.
- In the Sign-on method field, select OpenID Connect, and click "Create."
- In the App Name field, enter a name, and click Next.
- Set the following in Okta
- Login redirect URIs field:
https://auth.osano.com/oauth2/idpresponse
- Login redirect URIs field:
- In Okta, click "Save."
- Select the General tab.
Configuring Okta for SSO via SAML
Note: IDP (Okta dashboard) initiated logins will not work for SAML setups. You can, however, create a workaround via an Okta bookmark if you wish users to access the application via their Okta dashboard. See Okta Documentation on Creating Bookmarks.
Note: You must have an Okta account with admin privileges to complete this setup.
- Log in to Okta as an administrator.
- Within the top banner, make sure that Classic UI is selected from the drop-down menu.
- Go to Applications from the top menu.
- Click Add Application.
- Click Create New App.
- In the Sign-on method field, select SAML 2.0, and click "Create."
- In the App Name field, enter a name, and click Next.
- Enter values for the following fields:
https://auth.osano.com/saml2/idpresponseIdentifier/Entity ID (Audience URI)
urn:amazon:cognito:sp:us-east-1_7GtagkRKw
- Add the following attributes in the "ATTRIBUTE STATEMENTS (OPTIONAL)" section:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressAttribute name format:
UnspecifiedAttribute value:
user.emailAttribute name:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAttribute name format:
UnspecifiedAttribute value:
user.email
- In Okta, click "Next."
- Click Finish, and ensure that you assign your users.
- Navigate to the Applications window and click the Sign-On tab.
- Click Assignments if you want to assign either a User or Group.
- Click Assign, then Assign to People or Assign to Groups.
- Click View Setup Instructions.
- Send your Osano Support Representative your Metadata File. It should contain the following:
- Identity Provider Issuer.
- Identity Provider Single Sign-On URL.
- The X.509 Certificate.
Once provided, Osano will configure these settings for your account and the connection is established. Navigate to my.osano.com and enter your email. You will now be directed to log in via your organization’s SSO.