This article is to be used in conjunction with Adding a New SAML Authenticator & Enabling Single Sign On.
The steps below outline how to set up SSO between IntelligenceBank and Okta using the generic SAML 2.0 custom app setup.
An IntelligenceBank SSO Application for Okta is also now directly available when browsing through the Applications list. The steps are similar but simplified, as unnecessary options will not appear.
- Sign in to Okta as an Administrator.
- Navigate to and click on Applications on the navigation menu.
- Click Create New App, and select SAML 2.0 as the 'Sign on method' value.
- Give the app a recognizable name, e.g. IntelligenceBank SSO. Click Next.
- Under 'Single Sign On URL', input your IntelligenceBank domain URL, appending /auth at the end of it.
- Under 'Audience URI (SP Entity ID)', enter a custom name value for this integration, e.g. IntelligenceBank. This value will be used later in IntelligenceBank under ServiceProvider.
- Click Next.
- Provide Feedback to Okta on the last step as needed and Save your App.
- You should now see your app listed. Click on it.
- Go to Sign On, and click the View Setup Instructions button. Keep this page open when setting up IntelligenceBank as per the steps below.
- Once IntelligenceBank is set up, you can assign the users that should have access to the IntelligenceBank SAML App.
- In IntelligenceBank, go to the Authenticator module area, located at https://myintelligencebankdomain/auth.
- Click Add New.
- Copy and paste the 'Identity Provider Single Sign-On URL' (1) value (retrieved from the View Setup Instructions page) into the 'RemoteURL' field.
- Copy and paste the 'Identity Provider Issuer' (2) value (retrieved from the View Setup Instructions page) into the 'Name' and 'Host' fields.
- Copy and paste the X.509 Certificate value (also retrieved from the View Setup Instructions page) WITHOUT the BEGIN and END CERTIFICATE parts, into the 'CertData' field.
- Enable Base64Attributes.
- Enter the 'Audience URI (SP Entity ID)' entered previously in Okta into the 'ServiceProvider' field.
- You can enter your Organization name into the 'OrganizationName' and 'OrganizationDisplayName' fields (optional).
- Enter a logout action destination URL (optional) into the 'SingleLogoutService' field. e.g. https://ssodemo.intelligencebank.com/logout
- When ready to turn the Authenticator on, set "Disabled" to Off. All users will be enabled as SSO Users by default. To disable SSO authentication for select users, go to their user profile under Admin > Users, and enable the IntelligenceBank Login option.