Configuring Okta for SSO


Configuring Okta for SSO via OpenID Connect (OIDC)

  • Log in to Okta as an administrator. 
  • Within the top banner, make sure that Classic UI is selected from the drop-down menu.
  • Go to Applications from the top menu.
  • Click Add Application.

  • Click Create New App. 
  • In the Sign-on method field, select OpenID Connect, and click "Create." 



  • In the App Name field, enter a name, and click Next. 

Set the following in Okta:

  • Login redirect URIs field: 
    https://auth.osano.com/oauth2/idpresponse

 

  • In Okta, click "Save." 
  • Select the General tab.

Copy your Okta Domain, Client ID, and Client Secret. These must be sent to an Osano Support Representative via the in-app help center.

Once provided, Osano will configure these settings for your account and the connection is established. Navigate to my.osano.com and enter your email. You will now be directed to log in via your organization’s SSO.


 

Configuring Okta for SSO via SAML

Note: IdP-initiated logins (logins started from the Okta dashboard) will not work for SAML setups. You can, however, create a workaround via an Okta bookmark if you want users to access the application from their Okta dashboard. See Okta Documentation on Creating Bookmarks.

Note: You must have an Okta account with admin privileges to complete this setup.

  • Log in to Okta as an administrator. 
  • Within the top banner, make sure that Classic UI is selected from the drop-down menu.
  • Go to Applications from the top menu.
  • Click Add Application.

  • Click Create New App. 
  • In the Sign-on method field, select SAML 2.0, and click "Create." 




  • In the App Name field, enter a name, and click Next. 

  • Enter values for the following fields:
    • Single sign-on URL:
      https://auth.osano.com/saml2/idpresponse
    • Identifier/Entity ID (Audience URI):
      urn:amazon:cognito:sp:us-east-1_7GtagkRKw

  • Add the following attributes in the "ATTRIBUTE STATEMENTS (OPTIONAL)" section:
    • Attribute name:
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Attribute name format: Unspecified
      Attribute value: user.email
    • Attribute name:
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Attribute name format: Unspecified
      Attribute value: user.email

  • In Okta, click "Next." 
  • Click Finish and ensure that you assign your users.
  • Navigate to the Applications window and click the Sign-On tab.
  • Click Assignments if you want to assign either a User or Group.
  • Click Assign, then Assign to People or Assign to Groups.
  • Click View Setup Instructions.
  • Send your Osano Support Representative your Metadata File. It should contain the following:
    • Identity Provider Issuer.
    • Identity Provider Single Sign-On URL.
    • The X.509 Certificate.
    • The domain(s) tied to the account (e.g., @google.com).

Once provided, Osano will configure these settings for your account and the connection is established. Navigate to my.osano.com and enter your email. You will now be directed to log in via your organization’s SSO.
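
Before sending the Metadata File, you can confirm that it carries the issuer, Single Sign-On URL, and X.509 certificate listed above. The script below is an added example, not Osano's or Okta's code; the function name, the sample entityID, the sample URL, and the certificate bytes are constructed placeholders, and the certificate fingerprint it returns can be compared against the one shown in your Okta admin console.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the tenant, app ID and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/EXAMPLE_APP_ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/EXAMPLE_APP_ID/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return (fields, problems) for a SAML IdP metadata document you exported yourself."""
    root = ET.fromstring(xml_text)
    fields = {"issuer": root.get("entityID"), "sso_url": None, "cert_sha256": None}
    problems = []
    if not fields["issuer"]:
        problems.append("missing Identity Provider Issuer (entityID)")
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    fields["sso_url"] = sso.get("Location") if sso is not None else None
    if not fields["sso_url"]:
        problems.append("missing Identity Provider Single Sign-On URL")
    elif not fields["sso_url"].startswith("https://"):
        problems.append("Single Sign-On URL is not HTTPS")
    cert = root.find(".//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        problems.append("missing X.509 certificate")
    else:
        try:
            # Metadata may wrap the base64 across lines; strip whitespace first.
            der = base64.b64decode("".join(cert.text.split()), validate=True)
            fields["cert_sha256"] = hashlib.sha256(der).hexdigest()
        except ValueError:
            problems.append("X.509 certificate is not valid base64")
    return fields, problems
```

The domain(s) tied to the account are not part of the metadata XML, so include them separately in your message.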