Overview:
As a software developer, you may want to let your customers sign in directly to your application using Okta for identity management. To do so, your application needs to support federated Single Sign-On (SSO). In this scenario, your application relies on Okta to serve as an external Identity Provider (IdP).
Choosing a protocol
Okta supports two protocols for handling federated SSO:
1. OpenID Connect (OIDC)
2. Security Assertion Markup Language (SAML)
Your choice of protocol depends mainly on your use case, but OIDC is generally recommended for new integrations.
OIDC features
• An identity layer on top of the OAuth 2.0 protocol.
• Verifies end-user identity and obtains profile information.
• Lightweight and REST-based.
• Ideal for mobile and cloud applications.
• Newer protocol with significant adoption. Some newer applications only support OIDC.
SAML features
• Widely used federation protocol for SSO in web applications.
• Many SaaS vendors support SAML integration to provide SSO access to end users.
• The specification doesn't include user consent, though it can be built into the flow.
• Larger in size because XML messages are transmitted back and forth.
Organizations
• In a typical scenario, your application relies on Okta to act as a multi-tenant Identity Provider (IdP) for your customers' Okta organizations.
• An Okta org acts as a container that sets hard boundaries for all users, applications, and other entities associated with a single customer, providing tenant-based isolation.
• When you create your SSO app integration, the customer's Okta org serves as the Authorization Server (OIDC) or as the IdP (SAML).
Publishing: This guide assumes that you intend to develop an app integration and make it public by publishing it in the Okta Integration Network (OIN). If you want a custom app integration intended for private deployment within your own company, use the Okta App Integration Wizard (AIW) to create your app integration.
Prepare your integration: After you have decided which protocol is right for your needs, you need to gather some information for your integration.
Prepare a SAML integration
In a SAML integration, Okta is the Identity Provider (IdP), and your application is the Service Provider (SP). If you want more background on the protocol or on SAML best practices for your application, review Okta's SAML concepts documentation.
Before you create a new SAML integration in Okta:
• Determine the default Assertion Consumer Service (ACS) URL for your integration. This is often referred to as the SP sign-in URL. It is the endpoint on your application where SAML responses are posted.
• Find your Audience URI. This is sometimes referred to as the SP Entity ID or the Entity ID of your application.
• (Optional) Set up a Default Relay State page, where users land after they successfully sign in to the SP using SAML. This must be a valid URL.
• Gather any required SAML attributes. You can choose to share Okta user profile field values as SAML attributes with your application.
Create your integration: After you have your background information, you can use the Okta Admin Console and the Application Integration Wizard (AIW) to create your SSO integration inside the Okta org associated with your developer account.
1. Sign in to your Okta developer account as a user with administrative privileges.
2. In the Admin Console, go to Applications > Applications.
3. Click Create App Integration.
4. Create a SAML integration
5. Select SAML 2.0 in the Sign-in method section.
6. Click Next.
• On the General Settings tab, enter a name for your integration and optionally add a logo. You can also choose to hide the integration from your end users' Okta dashboard or mobile app. Click Next.
• On the Configure SAML tab, use the SAML information that you gathered in the preparation step to configure the settings of your integration. See Create a SAML integration using AIW in the Okta product documentation.
• In the Single sign on URL field, enter the Assertion Consumer Service (ACS) URL.
• Enter the Audience URI into the Audience URI (SP Entity ID) field.
• Choose the Name ID format and Application username that should be sent to your application in the SAML response (for example, EmailAddress and Email), or leave the defaults.
• In the Attribute Statements (optional) section, enter the SAML attributes to be shared with your application. For example:
Name (in SAML application)    Value (in Okta profile)
FirstName                     user.firstName
LastName                      user.lastName
Email                         user.email
If your org uses groups to categorize users, fill in the Group Attribute Statements (optional) section to filter by group membership in your SAML assertion. For example:
Name      groups
Filter    Matches regex
Value     .*
• You can preview the generated SAML assertion by clicking Preview the SAML Assertion in Section B.
• Click Next.
• In the final creation step, the Feedback tab helps Okta understand how you want to position this application.
If you are only creating an internal SAML integration:
• Select I'm an Okta customer adding an internal app.
• For the check boxes that appear, select the App type, and check the box if your company created the integration and it won't be released publicly. If you check this box, you don't need to enter any further information.
• Select Contact app vendor and check the box if Okta needs to contact you to enable SAML for the integration. If you check this box, you need to provide additional general information about your integration to the Okta OIN team.
• Click Finish.
For ISVs that are developing a SAML integration for the OIN:
• Select I'm a software vendor. I'd like to integrate my app with Okta.
• Click Finish.
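As an added example (not from the original guide and not Okta's code), this is the SP-side handling of the response that the wizard settings above produce: before reading the FirstName, LastName, Email and groups attributes, it checks that the response was addressed to the configured Single sign on URL (ACS) and Audience URI (SP Entity ID). The SP endpoints and the sample response are constructed placeholders; signature verification is assumed to be done by the SP's SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SP settings, matching the wizard fields above (placeholders).
SP_ACS_URL = "https://sp.example.com/saml/acs"         # Single sign on URL
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"  # Audience URI (SP Entity ID)

# Constructed, unsigned sample response carrying the FirstName/LastName/Email
# attribute statements and a multi-valued "groups" attribute from the regex filter.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.com/saml/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ada@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups"><saml:AttributeValue>Everyone</saml:AttributeValue><saml:AttributeValue>Engineering</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def consume_response(xml_text, acs_url=SP_ACS_URL, entity_id=SP_ENTITY_ID):
    """Reject a response not addressed to this SP, then return (NameID, attributes).
    Signature and validity-window checks are left to the SP's SAML library."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        raise ValueError("Destination does not match the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    confirmation = assertion.find(".//saml:SubjectConfirmationData", NS)
    if confirmation is None or confirmation.get("Recipient") != acs_url:
        raise ValueError("Recipient does not match the ACS URL")
    audiences = [a.text for a in assertion.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        raise ValueError("Audience does not contain the SP Entity ID")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall(".//saml:Attribute", NS)}
    return assertion.find("saml:Subject/saml:NameID", NS).text, attrs
```

Because the groups filter ".*" can match many groups, the groups attribute is read as a list of values rather than a single string.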
Specify your integration settings
This part of the guide takes you through the steps for configuring your specific SSO integration using the Okta Admin Console.
After you create your integration in the Create your integration step, the Admin Console opens the main settings page for your new integration. Here, you can specify General Settings and Sign On options, as well as assign the integration to users in your org. Click Edit if you want to change any of the options, and Save when you have made your changes.
Specify SAML settings
On the General tab, in the Application section, you can rename your integration and choose visibility and launch options. You can also make changes to the SAML settings if they differ from your original values.
On the Sign On tab, you can download the Identity Provider metadata for your integration. This information is needed to configure the SAML connection settings inside your SAML SP application:
• In the SIGN ON METHODS section, locate the Identity Provider metadata link just above the CREDENTIALS DETAILS section.
• Right-click the Identity Provider metadata link and choose Copy Link Address. The metadata at this link contains the information required by your SAML SP application.
• We recommend copying the Identity Provider metadata link so that the metadata is configured dynamically. If your SP doesn't support dynamic configuration, you can click the Identity Provider metadata link instead, and a new browser tab opens with the information that you need:
1. Identity Provider Issuer
2. X.509 Certificate
3. Identity Provider Single Sign-On URL
• In your SAML SP application, paste the link or the metadata as required to configure the IdP metadata.
Test your integration: This part of the guide takes you through the steps required to test your integration.
Assign users:
First, assign your integration to one or more test users in your org:
1. Click the Assignments tab.
2. Click Assign and then choose either Assign to People or Assign to Groups.
3. Enter the appropriate people or groups that you want to have Single Sign-On into your application, and then click Assign for each.
4. For any people that you add, verify the user-specific attributes, and then select Save and Go Back.
5. Click Done.
Test Single Sign-On:
• Sign out of your administrator account in your development org. Click Sign out in the upper-right corner of the Admin Console.
• Sign in to the Okta End-User Dashboard as the regular user who was assigned the integration.
• In your dashboard, click the Okta tile for the integration and verify that the user is signed in to your application.
Conclusion:
Okta is one of the best courses in the IT industry. With GoLogica's course on Okta training classes, you will be learning: Introduction to SSO, why Okta is different, using SAML, Okta LDAP integration for on-premise applications, and admin roles and responsibilities.
Author Bio:
Priyanka Dasari is an expert writer at GoLogica and contributes in-depth articles on various technologies. I've 2.5 years of experience in content writing and I'm passionate about writing technical content. Contact me on LinkedIn.