🌐Single Sign-On (SSO)

SSO services allow a user to use one set of login credentials to access multiple applications/SaaS.

This functionality is included in the "Enterprise" plan only.

Step 1

Click Admin as illustrated in the following screen:

Step 2

From the Okta Dashboard, click Add Application.

Step 3

ClickCreate New App, as illustrated below:

Step 4

In the following screen, ensure Web is selected as Platform. Select"SAML2.0" and click Create.

Step 5

Under the first step "General Settings", enter an application name (e.g.: “RandomCoffee”)and then click next.

Step 6

Under the second step “Configure SAML”, section A “SAML Settings”, enter the RandomCoffee service provider details which can be found on the SSO Setup page of your RandomCoffee organization, in the “Service Provider Details” section.

Now, download the encryption certificate by clicking “Download as file” at the end of the Service Provider Details section. You will upload this later in the Okta SAML configuration section, which is explained below.

In the following screen, click the Show Advanced Settings link to configure advanced SAML assertion settings.

Step 7

Configure the options as shown below. Ensure your field options reflect these values.

For the Encryption Certificate, upload the encryption file in the Encryption Certificate field shown above (remember, you downloaded the encryption file by clicking Download as a file link in the RandomCoffee Service Provider Details section earlier). Click Next to continue.

Step 8

Scroll down to the “Attribute Statements” section and add the following key-value pairs.

  • emailuser.email

  • firstNameuser.firstName

  • lastNameuser.lastName

Step 9

Under the third step “Feedback”, select “I’m an Okta customer adding an internal app”, check “This is an internal app that we have created”, and then click Finish.

Step 10

Move over to the Sign On tab, and click the View Setup Instructions button.

The View Setup Instructions screen comes populated with values that you should copy and paste into the Identity Provider Details section.

Step 11

Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate from the below screen.

And paste them in the corresponding sections of the Identity Provider Details screen as shown below:

Click Save Authentication.

Last updated