Okta

In this document you are going to set up IDmelon as an external IdP to the Okta.

Login to Okta administration panel

In order to set up the connection, you will need to log into your Okta administration panel.

To login to the Okta administration panel, click the Admin button on the top right corner of OKTA user panel page.

alt

Add Identity Provider

In the Okta administration panel, from the side menu, navigate to the Security menu.

alt

Then from the Security menu, select the Identity Providers sub-menu.

alt

Then press Add Identity Provider button from the main panel.

alt

Then select the SAML 2.0 IdP from available options, and then press Next button.

alt

Configure SAML 2.0 IdP

To configure SAML 2.0 IdP, fill the values of settings as below.

In the General settings section:

  • Name: Your custom name.

In the Authentication Settings section:

  • IdP Usage: SSO Only.
  • IdP username: idpuser.subjectNameId.

In the Account matching with Idp Username section:

  • Account link policy: Authomatic.

alt alt

In the SAML Protocol Settings section:

Get all values for {..} from your IDmelon panel. If you are currently login here, you will see the replaced values instead.

  • IdP Issuer URI: idp_issuer_uri
  • IdP Single Sign-On URL: idp_single_sign_on_url
  • IdP Signature Certificate: idp_certificate_download_url
  • Request Binding: HTTP POST

alt

In the continuation of SAML Protocol Settings section:

Get all values for {..} from your IDmelon panel. If you are currently login here, you will see the replaced values instead.

  • Request Signature | Sign SAML Authentication Requests: Should be selected.
  • Request Signature Algorithm: SHA-256.
  • Response Signature Verification: Response or Assertion.
  • Response Signature Algorithm: SHA-256.
  • Destination: idp_destination
  • Okta Assertion Consumer Service URL | Trust-specific: Should be selected.
  • Max Clock Skew: 2 Minutes.

And at the end click the Finish button.

alt

Setup IdP Routing rules

After completing Identity providers section, click on Routing rules and then Add a new rule by clicking Add Routing Rule Button.

alt

Then configs are:

  • Choose custom Rule Name.
  • Use This identity provider: Use specific IdP(s).
  • Idp(s): Enter your custom name of idp.

alt

  • Click on Update rule.

Activate your new idp rule by clicking on Active button.

IDmelon SAML configuration

After completing previous Setup Okta connection section and submitting the form, you can see a new IdP added to your list.

Expand the details by clicking on the small arrow left to the added record on the list.

You should copy values of below fields from the Okta panel to the IDmelon Panel:

  • SAML metadata.
  • Assertion Consumer Service URL.
  • Audience URI.

alt

Passwordless

For active Passwordless or one Factor access, from the side menu, navigate to the Security menu and select the Authentication Policies sub-menu.

alt

Then click on any application you wanted to use as one Factor access.

alt

Then click on Actions button and then click the Edit option.

alt

In the THEN section of Edit Rule set values as below:

  • AND User must authenticate: Password / IdP.

And then click Save button.

alt

API Token

From the side menu, navigate to the Security menu and select the API sub-menu.

And then click the Token tab from main page, and then click the Create token button.

alt

Enter the desired name for your API token.

alt

And then copy the value of the created API token.

alt

Note: please paste this option to IDmelon okta Integration on Check Connection field.

The created Token will be shown in the token list.

alt

Edit this page on GitHub
×