Setting up single sign-on (SSO) using Okta
Prerequisites: Okta must already be in use, and an Okta administrator account is required for this configuration.
Brightly Assetic Cloud Platform supports single sign-on (SSO) logins through SAML 2.0. Many SAML 2.0 identity providers (IdPs) are available on the market; Okta is one of them.
The first step in configuring an Assetic environment to support SAML-based Single Sign-On from Okta is to set up the environment as an application in Okta.
Here are the steps for setting up an Assetic environment as a SAML application in Okta:
Configuring the Okta Application
Log in to Okta as a user with administrative privileges, and click on the “Admin” button:
Click on the “Add Applications” shortcut:
Click on the “Create New App” button:
In the dialog that opens, select the “SAML 2.0” option, then click the “Create” button:
This will bring up step 1 of creating the SAML Integration, “General Settings.” Enter the name of the Assetic environment as it will appear in Okta (e.g. ‘Assetic Learning’) in the “App name” field, then click the “Next” button:
This will bring up step 2 of creating the SAML Integration, “Configure SAML.” In section A, “SAML Settings”, the “Single sign on URL” and “Audience URI (SP Entity ID)” fields should be completed as follows with the appropriate URL for the Assetic environment:
- Single sign on URL: https://ExampleEnvironment.assetic.net/Account/SAMLLogin
- Audience URI (SP Entity ID): https://ExampleEnvironment.assetic.net
Set the Name ID Format as EmailAddress:
In the “Attribute Statements” section, add a pair of attribute statements:
- “FirstName” set to “user.firstName”
- “LastName” set to “user.lastName”
Click Next to continue. This will bring up step 3, "Feedback," where feedback can optionally be provided to Okta. Then click Next.
The “Sign On” section of the newly created application will appear:
Click on the 'View Setup Instructions' button to be taken to a page that lists the URLs and the certificate that will need to be added into the Assetic cloud platform to complete the SSO set-up:
Keep this page open for use later when copying these values into the cloud environment.
Configuring Brightly Assetic Cloud Platform
After setting up Okta, the Assetic Cloud Platform needs to be configured to authenticate using SAML. First, launch the Assetic Cloud Platform in a web browser, and log in with an Admin account.
Next, select "Admin" from the primary navigation drop-down, and "User Management" from the secondary navigation drop-down, and select the Identity Provider tab:
Click the "Edit" button, and paste the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate from the 'View Setup Instructions' page in Okta into the corresponding fields:
Click the 'Is Enabled' checkbox to turn on SSO, and click the Save button to complete the configuration. A successfully saved message appears at the bottom of the page to confirm the configuration. The environment can be restricted to allow only Single Sign-On logins with the appropriate checkbox.
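To confirm that a test login actually carries the values entered in Okta above (Single sign on URL, Audience URI, EmailAddress Name ID format, and the FirstName/LastName attribute statements), the SAML response can be inspected offline. The following is an added example, not code from Brightly or Okta. It assumes the base64 `SAMLResponse` form field has been copied from the browser's developer tools; the function name and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample response (not captured from a real tenant); LastName is
# deliberately missing so the check has something to report.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://ExampleEnvironment.assetic.net/Account/SAMLLogin">
 <saml:Assertion>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://ExampleEnvironment.assetic.net</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(b64_response, environment_url):
    """List mismatches between a base64 SAMLResponse and the settings above.

    Configuration check only: it does not verify the XML signature, so it
    must never be used to decide whether a login is authentic.
    """
    env = environment_url.rstrip("/")
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != env + "/Account/SAMLLogin":
        problems.append("Destination is not the Single sign on URL")
    audience = (root.findtext(".//saml:Audience", "", NS) or "").strip()
    if audience != env:
        problems.append("Audience is not the SP Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not EmailAddress")
    sent = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for required in ("FirstName", "LastName"):
        if required not in sent:
            problems.append("missing attribute statement: " + required)
    return problems
```

An empty list means the response matches the Okta application settings; each string in a non-empty list names the setting to recheck in step 2, “Configure SAML.”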