SSO - Okta
How to set up Okta
Step 1: Select Your Org from the dropdown menu
Log in to Okta, click on your username to open a dropdown navigation menu, and select Your Org.
Step 2: Select Admin
Select the Admin button located in the upper right of the Okta website.
Step 3: Select Add Applications
Add Applications can be found on the Shortcuts menu located on the right-hand side of the page.
Step 4: Select Create New App
You will need to create your own application. To do so, select the green Create New App button.
Step 5: Select sign on method
Select SAML 2.0 as your sign on method, and then select Create.
Step 6: Name your app
Give an appropriate name to your app. The rest of the options on this screen are not mandatory. Select Next when done.
Step 7: URL and URI
Your Single sign on URL is your community domain with /saml.digest appended, for example https://dune.igloocommunities.com/saml.digest. Make sure the option “Use this for Recipients URL and Destination URL” is selected. The Audience URI is your community domain on its own.
Step 8: Attribute statements
The following three Attribute Statements should be added:
- FName - Unspecified - user.firstName
- LName - Unspecified - user.lastName
- Email - Unspecified - user.email
Step 9: Group attributes
Leave Group Attributes Statements blank.
Step 10: Next
Select Next to proceed to the next part of setup.
Step 11: Customer or partner
Select I’m an Okta customer adding an internal app. The rest of the form can be left blank. Select Finish when done.
Step 12: View setup instructions
After completing Step 11, you will be brought to the Sign On tab of the app. Select View Setup Instructions.
Step 13: Info for your community
Make note of your Identity Provider Single Sign-On URL, and X.509 Certificate.
Step 14: Add a user to your app
Navigate to the People tab of your app and select Assign to People.
Step 15: Select people
Assign those who you want to have access to your app and then select Done.
Step 16: Access your sign in settings
From your Control Panel, select Sign in Settings located underneath the Membership heading.
Step 17: Select configure SAML Authentication
At the bottom of the Sign in Settings options, select the Configure SAML Authentication link.
Step 18: General configuration
Copy the Identity Provider Single Sign-On URL from Step 13 into the field IdP Login URL. Then copy the X.509 Certificate from Step 13 to the Public Certificate field of the General Configuration.
Step 19: Response and Authentication Configuration
Ensure that your settings for this section match those in the image below. The attribute statements are:
- Email /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="Email"]/saml:AttributeValue
- First Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="FName"]/saml:AttributeValue
- Last Name /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="LName"]/saml:AttributeValue
Step 20: Other settings
Ensure that your remaining settings are configured as desired. Details can be found here.
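To check that the attribute names from Step 8 line up with the XPaths from Step 19, the following added example (not Okta's or Igloo's code) evaluates those XPaths against a constructed, unsigned SAML response. The sample user, the helper names and the Audience XPath are assumptions; it checks attribute mapping, Destination and Audience only, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "/samlp:Response/saml:Assertion/"
ATTR = BASE + 'saml:AttributeStatement/saml:Attribute[@Name="{}"]/saml:AttributeValue'
# Field -> XPath, as entered in Step 19.
XPATHS = {"Email": ATTR.format("Email"),
          "First Name": ATTR.format("FName"),
          "Last Name": ATTR.format("LName")}
AUDIENCE = BASE + "saml:Conditions/saml:AudienceRestriction/saml:Audience"

def _find(root, xpath):
    # ElementTree has no absolute paths; the root element is already samlp:Response.
    node = root.find("./" + xpath[len("/samlp:Response/"):], NS)
    return node.text if node is not None else None

def check_response(xml_text, community):
    """Return (mapped field values, mismatches against Steps 7, 8 and 19)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "{%s}Response" % NS["samlp"]:
        return {}, ["root element is not samlp:Response"]
    if root.get("Destination") != community + "/saml.digest":
        problems.append("Destination is not <community>/saml.digest")
    if _find(root, AUDIENCE) != community:
        problems.append("Audience is not the community domain")
    values = {field: _find(root, xp) for field, xp in XPATHS.items()}
    problems += ["no value for " + f for f, v in values.items() if not v]
    return values, problems

# Constructed sample: unsigned, invented user, example domain from Step 7.
COMMUNITY = "https://dune.igloocommunities.com"
def _attr(name, value):
    return ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>' % (name, value))
SAMPLE = (
    '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Destination="%s/saml.digest">'
    '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>%s</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
    '</samlp:Response>'
) % (NS["samlp"], NS["saml"], COMMUNITY, COMMUNITY,
     _attr("FName", "Ada") + _attr("LName", "Example") + _attr("Email", "ada@example.com"))

if __name__ == "__main__":
    print(check_response(SAMPLE, COMMUNITY))
    # Same response with the attribute misnamed in Okta (Step 8): First Name is unmapped.
    print(check_response(SAMPLE.replace('Name="FName"', 'Name="firstName"'), COMMUNITY))
```

An empty problem list means the three fields resolve and the response is addressed to the community; a misnamed attribute in Okta shows up as "no value for" the corresponding field.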