Okta - SSO guide

Okta - SSO Setup

Create an App integration

You will need an Admin account!

Once your Admin account is ready,

  1. Navigate to “Applications” from the sidebar menu

  2. Select the “Create App Integration” button

     

  3. On the select the “SAML 2.0” option

     

  4. Choose a name for your app and select the “Next” button

     

  5. Open the External Share global settings and navigate to the “SSO Configuration” tab on a separate page

  6. Copy the data from External Share SSO configuration and paste it into the Okta Configure SAML step

    1. Required value “Single sign on URL“ can be found on External Share SSO configuration as “Assertion Consumer URL“

    2. Required value “Audience URI (SP Entity ID)“ can be found on External Share SSO configuration as “Issuer ID“

    3. Required value “Default RelayState“ can be found on External Share SSO configuration as “Default RelayState“

       

  7. Click on the “Application username” dropdown menu and select the “Email” option

  8. Scroll down to the “Attribute statements” section

  9. Create 3 attributes

    1. Name: givenname - Value: user.firstName

    2. Name: surname - Value: user.lastName

    3. Name: emailaddress- Value: user.email

  10. Scroll down and select the “Next button”

  11. Provide your feedback and select “Finish”

SAML setup

Select the application you created and click on the “Sign on” tab, scroll down and you will see a section called “SAML Signing Certificates”, at the right side of this section there is a button called “View SAML setup instructions”.

  1. Click on the “View SAML setup instructions” button

  2. Copy the value from the first step “Identity Provider Single Sign-On URL” and paste it into the “Login URL” field on the External Share SSO configuration tab.

  3. Copy the value from the second step “Identity Provider Issuer” and paste it into the “Identifier” field on the External Share SSO configuration tab.

  4. Copy the value from the third step “X.509 Certificate” and paste it into the “Certificate” field on the External Share SSO configuration tab.

  5. Save

There are no users assigned at this stage.

Assign users

  1. On Okta, navigate to the “Directory” tab

  2. Select the “People” sub-tab

  3. Add a user and assign them to the application

Configuring SSO does NOT automatically limit users share access to SSO, you must first Require Corporate SSO login when accessing shares.

If you wish to ensure the identity of external users is checked with your identity provider when accessing shares, you must require this option in the security tab in External Share.