This article is to be used in conjunction with "Adding a New SAML Authenticator & Enabling Single Sign On".
Also see the Okta documentation.
- Sign in to Okta as an Administrator.
- Navigate to and click on Applications on the navigation menu.
- Click Create New App, and select SAML 2.0 as the 'Sign on method' value.
- Give the app a recognizable name, e.g. IntelligenceBank SSO. Click Next.
- Under 'Single Sign On URL', input your IntelligenceBank domain URL, appending /auth at the end of it.
- Under 'Audience URI (SP Entity ID)', enter a custom name for this integration, e.g. IntelligenceBank. This value will be used later in IntelligenceBank in the 'ServiceProvider' field.
- Click Next.
- Provide Feedback to Okta on the last step as needed and Save your App.
- You should now see your app listed. Click on it.
- Go to Sign On, and click the View Setup Instructions button. Keep this page open while setting up IntelligenceBank as per the steps below.
- Once IntelligenceBank is set up, you can assign the users that should have access to the IntelligenceBank SAML App.
- In IntelligenceBank, go to the Authenticator module area, located at https://myintelligencebankdomain/auth.
- Click Add New.
- Copy and paste the 'Identity Provider Single Sign-On URL' (1) value (retrieved from the View Setup Instructions page) into the 'RemoteURL' field.
- Copy and paste the 'Identity Provider Issuer' (2) value (retrieved from the View Setup Instructions page) into the 'Name' and 'Host' fields.
- Copy and paste the X.509 Certificate value (also retrieved from the View Setup Instructions page) WITHOUT the BEGIN and END CERTIFICATE parts, into the 'CertData' field.
- Enable Base64Attributes.
- Enter the 'Audience URI (SP Entity ID)' entered previously in Okta into the 'ServiceProvider' field.
- You can enter your Organization name into the 'OrganizationName' and 'OrganizationDisplayName' fields (optional).
- Enter a logout action destination URL (optional) into the 'SingleLogoutService' field. e.g. https://ssodemo.intelligencebank.com/logout
- When ready to turn the Authenticator on, set "Disabled" to Off. All users will be enabled as SSO Users by default. To disable SSO authentication for select users, go to their user profile under Admin > Users, and enable the IntelligenceBank Login option.