Note: This article is to be used in conjunction with Adding a New SAML Authenticator & Enabling Single Sign On.
The steps below outline how to set up SSO between IntelligenceBank and Okta using the generic SAML 2.0 custom app setup.
An IntelligenceBank SSO Application for Okta is also directly available when browsing through the Applications list. Steps are similar though simplified, as unnecessary options will not appear. You can find the Okta documentation here.
In Okta
- Sign in to Okta as an Administrator.
- Navigate to and click on Applications on the navigation menu.
-
Click Create New App, and select SAML 2.0 as the Sign on method value.
-
Give the app a recognisable name, e.g. IntelligenceBank SSO. Click Next.
-
Under Single Sign On URL, enter your IntelligenceBank domain URL with
/authappended to the end. -
Under Audience URI (SP Entity ID), enter a custom name value for this integration. This value will be used later in IntelligenceBank under ServiceProvider (e.g.
IntelligenceBank). - Click Next.
-
Provide feedback to Okta on the last step as needed and save your app.
- You should now see your app listed. Click on it.
-
Go to Sign On and click the View Setup Instructions button. Keep this page open when setting up IntelligenceBank as per the steps below.
-
Once IntelligenceBank is set up, assign the users who should have access to the IntelligenceBank SAML App.
In IntelligenceBank
-
Go to the Authenticator module area, located at
https://myintelligencebankdomain/auth. - Click Add New.
- Copy and paste the Identity Provider Single Sign-On URL (1) value (from the View Setup Instructions page) into the RemoteURL field.
- Copy and paste the Identity Provider Issuer (2) value (from the View Setup Instructions page) into both the Name and Host fields.
-
Copy and paste the X.509 Certificate value (from the View Setup Instructions page) into the CertData field — without the
BEGIN CERTIFICATEandEND CERTIFICATElines. - Enable Base64Attributes.
- Enter the Audience URI (SP Entity ID) value entered previously in Okta into the ServiceProvider field.
- Optionally, enter your organisation name into the OrganizationName and OrganizationDisplayName fields.
-
Optionally, enter a logout destination URL into the SingleLogoutService field (e.g.
https://ssodemo.intelligencebank.com/logout). - Click Save.
-
When ready to turn the Authenticator on, update it to Disabled = Off. All users will be enabled as SSO Users by default. To disable SSO authentication for specific users, go to their profile under Admin > Users and enable the IntelligenceBank Login option.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article