πSingle Sign-On (SSO)
SSO services allow a user to use one set of login credentials to access multiple applications/SaaS.
This functionality is included in the "Enterprise" plan only.
Step 1
Click Admin as illustrated in the following screen:
Step 2
From the Okta Dashboard, click Add Application.
Step 3
ClickCreate New App, as illustrated below:
Step 4
In the following screen, ensure Web is selected as Platform. Select"SAML2.0" and click Create.
Step 5
Under the first step "General Settings", enter an application name (e.g.: βRandomCoffeeβ)and then click next.
Step 6
Under the second step βConfigure SAMLβ, section A βSAML Settingsβ, enter the RandomCoffee service provider details which can be found on the SSO Setup page of your RandomCoffee organization, in the βService Provider Detailsβ section.
Now, download the encryption certificate by clicking βDownload as fileβ at the end of the Service Provider Details section. You will upload this later in the Okta SAML configuration section, which is explained below.
In the following screen, click the Show Advanced Settings link to configure advanced SAML assertion settings.
Step 7
Configure the options as shown below. Ensure your field options reflect these values.
For the Encryption Certificate, upload the encryption file in the Encryption Certificate field shown above (remember, you downloaded the encryption file by clicking Download as a file link in the RandomCoffee Service Provider Details section earlier). Click Next to continue.
Step 8
Scroll down to the βAttribute Statementsβ section and add the following key-value pairs.
email
βuser.email
firstName
βuser.firstName
lastName
βuser.lastName
Step 9
Under the third step βFeedbackβ, select βIβm an Okta customer adding an internal appβ, check βThis is an internal app that we have createdβ, and then click Finish.
Step 10
Move over to the Sign On tab, and click the View Setup Instructions button.
The View Setup Instructions screen comes populated with values that you should copy and paste into the Identity Provider Details section.
Step 11
Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate from the below screen.
And paste them in the corresponding sections of the Identity Provider Details screen as shown below:
Click Save Authentication.