Account Management
      Back to home
      1. Documentation
      2. Account Management

      Configuring Okta for SSO

      SSO is an Enterprise-only feature. To configure SSO, you MUST contact your Osano Support Representative

      Jump to instructions for: SAML or Openid

       

      Configuring Okta for SSO via Openid

      1. Log in to Okta as an administrator. 
      2. Within the top banner, make sure that Classic UI is selected from the drop-down menu.
      3. Go to Applications from the top menu.
      4. Click Add Application.
      5. Click Create New App. 
      6. In the Sign-on method field, select OpenID Connect, and click "Create." 


      7. In the App Name field, enter a name, and click Next. 
      8. Set the following in Okta
        • Login redirect URIs field:  
          https://auth.osano.com/oauth2/idpresponse

      9. In Okta, click "Save." 
      10. Select the General tab.
      These must be sent to your Osano Support Representative. Copy your Okta Domain, Client ID, and Client Secret. Once provided, Osano will configure these settings for your account and the connection is established. Navigate to my.osano.com and enter your email. You will now be directed to login via your organization’s SSO. 

      Configuring Okta for SSO via SAML

      Note: IDP (Okta dashboard) initiated logins will not work for SAML setups. You can, however, create a workaround via an Okta bookmark if you wish users to access the application via their Okta dashboard. See Okta Documentation on Creating Bookmarks. 

      Note: You must have an Okta account with admin privileges to complete this setup.

      1. Log in to Okta as an administrator. 
      2. Within the top banner, make sure that Classic UI is selected from the drop-down menu.
      3. Go to Applications from the top menu.
      4. Click Add Application.
      5. Click Create New App. 
      6. In the Sign-on method field, select SAML 2.0, and click "Create." 


      7. In the App Name field, enter a name, and click Next. 
      8. Enter values for the following fields:
      Single sign-on URL 
      https://auth.osano.com/saml2/idpresponse
      Identifier/Entity ID (Audience URI) 
      urn:amazon:cognito:sp:us-east-1_7GtagkRKw

      1. Add the following attributes in the "ATTRIBUTE STATEMENTS (OPTIONAL)" section:
      Attribute name:   
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Attribute name format:  
      Unspecified
      Attribute value:  
      user.email
      Attribute name:   
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Attribute name format:  
      Unspecified
      Attribute value:  
      user.email

      1. In Okta, click "Next." 
      2. Click Finish, and ensure that you assign your users.
      3. Navigate to the Applications window and click the Sign-On tab.
      4. Click Assignments if you want to assign either a User or Group.
      5. Click Assign, then Assign to People or Assign to Groups.
      6. Click View Setup Instructions.
      7. Send your Osano Support Representative your Metadata File. It should contain the following:
        • Identity Provider Issuer.
        • Identity Provider Single Sign-On URL.
        • The X.509 Certificate.

      Once provided, Osano will configure these settings for your account and the connection is established. Navigate to my.osano.com and enter your email.  You will now be directed to log in via your organization’s SSO.