Setting up SAML Single Sign On with Okta

Modified on Mon, 29 Jun at 1:51 PM

Note: This article is to be used in conjunction with Adding a New SAML Authenticator & Enabling Single Sign On.

The steps below outline how to set up SSO between IntelligenceBank and Okta using the generic SAML 2.0 custom app setup.

An IntelligenceBank SSO Application for Okta is also directly available when browsing through the Applications list. The steps are similar but simplified, as unnecessary options will not appear. You can find the Okta documentation here.

In Okta

  1. Sign in to Okta as an Administrator.
  2. Click Applications in the navigation menu.
  3. Click Create New App, and select SAML 2.0 as the Sign on method value.

    Okta Create New App dialog with SAML 2.0 selected

  4. Give the app a recognisable name, e.g. IntelligenceBank SSO. Click Next.

    Okta app wizard step 1 — app name field

  5. Under Single Sign On URL, enter your IntelligenceBank domain URL with /auth appended to the end.
  6. Under Audience URI (SP Entity ID), enter a custom name value for this integration (e.g. IntelligenceBank). This value will be used later in IntelligenceBank, in the ServiceProvider field.

    Okta wizard step 2 — Single Sign On URL and Audience URI fields

  7. Click Next.
  8. Provide feedback to Okta on the last step as needed and save your app.

    Okta wizard step 3 — feedback and save

  9. You should now see your app listed. Click on it.
  10. Go to Sign On and click the View Setup Instructions button. Keep this page open when setting up IntelligenceBank as per the steps below.

    Okta Sign On tab with View Setup Instructions button highlighted

    Okta Setup Instructions page showing IdP metadata values

  11. Once IntelligenceBank is set up, assign the users who should have access to the IntelligenceBank SAML App.

    Okta Assignments tab for assigning users to the IntelligenceBank SAML app

In IntelligenceBank

  1. Go to the Authenticator module area, located at https://myintelligencebankdomain/auth.
  2. Click Add New.
  3. Copy and paste the Identity Provider Single Sign-On URL (1) value (from the View Setup Instructions page) into the RemoteURL field.
  4. Copy and paste the Identity Provider Issuer (2) value (from the View Setup Instructions page) into both the Name and Host fields.
  5. Copy and paste the X.509 Certificate value (from the View Setup Instructions page) into the CertData field — without the BEGIN CERTIFICATE and END CERTIFICATE lines.
  6. Enable Base64Attributes.
  7. Enter the Audience URI (SP Entity ID) value entered previously in Okta into the ServiceProvider field.
  8. Optionally, enter your organisation name into the OrganizationName and OrganizationDisplayName fields.
  9. Optionally, enter a logout destination URL into the SingleLogoutService field (e.g. https://ssodemo.intelligencebank.com/logout).
  10. Click Save.
  11. When ready to turn the Authenticator on, update it to Disabled = Off. All users will be enabled as SSO Users by default. To disable SSO authentication for specific users, go to their profile under Admin > Users and enable the IntelligenceBank Login option.

    User profile showing IntelligenceBank Login option to override SSO
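
Step 5 of the IntelligenceBank setup is easy to get wrong by hand (header lines left in, a truncated paste, or the wrong PEM block). The Python helper below is an added example, not IntelligenceBank or Okta code: it strips the BEGIN/END lines, checks that the body decodes to one complete DER structure, and returns a SHA-256 fingerprint to compare against the certificate downloaded from Okta. The function names and sample bytes are constructed for illustration, and joining the body onto one line assumes the CertData field accepts unbroken base64.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def pem_to_certdata(pem_text):
    """Return (certdata, sha256_fingerprint) for exactly one PEM certificate."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != "CERTIFICATE":
        # e.g. a PRIVATE KEY block pasted by mistake must never go into CertData
        raise ValueError(f"PEM block is '{label}', not a certificate")
    # Assumption: CertData accepts the base64 body as one unbroken line.
    certdata = "".join(body.split())
    try:
        der = base64.b64decode(certdata, validate=True)
    except ValueError as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not _is_single_der_sequence(der):
        raise ValueError("decoded data is not one complete DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return certdata, fingerprint

def _is_single_der_sequence(der):
    """Check the outer DER header: tag 0x30 and a length covering all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def make_sample_pem():
    """Constructed placeholder: DER-shaped bytes, NOT a real certificate."""
    der = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
    b64 = base64.b64encode(der).decode()
    body = "\r\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\r\n{body}\r\n-----END CERTIFICATE-----\r\n"

if __name__ == "__main__":
    data, fp = pem_to_certdata(make_sample_pem())
    print("CertData starts:", data[:32], "\nSHA-256:", fp)
```

The fingerprint uses the same colon-separated uppercase hex form that `openssl x509 -noout -fingerprint -sha256` prints, so the two can be compared directly.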
