Okta

In this document, you will set up IDmelon as an external IdP for Okta.

Log in to the Okta administration panel


To set up the connection, you will need to log in to your Okta administration panel.

To log in to the Okta administration panel, click the Admin button in the top right corner of the Okta user panel page.

Add Identity Provider


In the Okta administration panel, navigate to the Security menu in the side menu.

Then, from the Security menu, select the Identity Providers submenu.

Then press the Add Identity Provider button in the main panel.

Then select SAML 2.0 IdP from the available options and press the Next button.

Configure SAML 2.0 IdP


To configure the SAML 2.0 IdP, fill in the settings as follows.

In the General settings section:

Name: Your custom name.

In the Authentication Settings section:

IdP Usage: SSO Only.

IdP username: idpuser.subjectNameId.

In the SAML Protocol Settings section:

Get all values for {..} from your IDmelon panel.
If you are currently logged in here, you will see the replaced values instead.

IdP Issuer URI: idp_issuer_uri

IdP Single Sign-On URL: idp_single_sign_on_url

IdP Signature Certificate: idp_certificate_download_url

Request Binding: HTTP POST.

In the continuation of SAML Protocol Settings section:

Get all values for {..} from your IDmelon panel.
If you are currently logged in here, you will see the replaced values instead.

Request Signature | Sign SAML Authentication Requests: Should be selected.

Request Signature Algorithm: SHA-256.

Response Signature Verification: Response or Assertion.

Response Signature Algorithm: SHA-256.

Destination: idp_destination

Okta Assertion Consumer Service URL | Trust-specific: Should be selected.

Max Clock Skew: 2 Minutes.

Finally, click the Finish button.
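
The settings above are worth re-checking after setup, because a later edit that weakens a signature algorithm or widens the clock skew is easy to miss in the console. The following Python script is an added example, not part of the IDmelon or Okta documentation: it audits an exported IdP definition against the values in this guide. The JSON field paths and the constructed SAMPLE_IDP are assumptions modelled on the Okta Identity Providers API and should be verified against your own tenant's output.

```python
# Added example. Field paths are assumptions modelled on the Okta Identity
# Providers API response; verify them against your tenant's own output.
EXPECTED = {  # JSON path -> value this guide prescribes
    "policy.subject.userNameTemplate.template": "idpuser.subjectNameId",
    "protocol.endpoints.sso.binding": "HTTP-POST",
    "protocol.algorithms.request.signature.scope": "REQUEST",   # requests are signed
    "protocol.algorithms.request.signature.algorithm": "SHA-256",
    "protocol.algorithms.response.signature.scope": "ANY",      # Response or Assertion
    "protocol.algorithms.response.signature.algorithm": "SHA-256",
    "protocol.endpoints.acs.type": "INSTANCE",                  # Trust-specific ACS URL
    "policy.maxClockSkew": 120000,                              # 2 minutes, in ms
}

def lookup(doc, dotted_path):
    """Walk a dotted path through nested dicts; return None if a key is missing."""
    node = doc
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def audit_idp(idp):
    """Return (path, expected, actual) for every setting that deviates."""
    return [(p, want, lookup(idp, p)) for p, want in EXPECTED.items()
            if lookup(idp, p) != want]

# Constructed sample: a drifted configuration that accepts SHA-1 signed
# responses and allows a 10 minute clock skew.
SAMPLE_IDP = {
    "name": "IDmelon (constructed sample)",
    "protocol": {
        "endpoints": {"sso": {"binding": "HTTP-POST"}, "acs": {"type": "INSTANCE"}},
        "algorithms": {
            "request": {"signature": {"scope": "REQUEST", "algorithm": "SHA-256"}},
            "response": {"signature": {"scope": "ANY", "algorithm": "SHA-1"}},
        },
    },
    "policy": {
        "subject": {"userNameTemplate": {"template": "idpuser.subjectNameId"}},
        "maxClockSkew": 600000,
    },
}

if __name__ == "__main__":
    for path, want, got in audit_idp(SAMPLE_IDP):
        print(f"DRIFT {path}: expected {want!r}, found {got!r}")
```

A missing field is reported as a deviation with an actual value of None, so an export whose shape differs from the assumed one fails the audit instead of passing silently.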

Set up IdP routing rules


After completing the Identity Providers section, click Routing rules and then add a new rule by clicking the Add Routing Rule button.

Then configure the rule as follows:

Rule Name: Choose a custom name.

Use this identity provider: Use specific IdP(s).

IdP(s): Enter the custom name of your IdP.

Click Update rule.

Activate your new IdP rule by clicking the Active button.

IDmelon SAML configuration


After completing the previous Setup Okta connection section and submitting the form, you will see a new IdP added to your list.

Expand the details by clicking the small arrow to the left of the added record in the list.

Copy the values of the following fields from the Okta panel to the IDmelon panel:

SAML metadata.

Assertion Consumer Service URL.

Audience URI.

Passwordless


To activate passwordless or one-factor access, navigate to the Security menu in the side menu and select the Authentication Policies submenu.

Then click any application for which you want to use one-factor access.

Then click the Actions button and then click the Edit option.

In the THEN section of Edit Rule, set the values as follows:

AND User must authenticate: Password / IdP.

Then click the Save button.

API Token


From the side menu, navigate to the Security menu and select the API submenu.

Then click the Token tab on the main page, and then click the Create token button.

Enter the desired name for your API token.

Then copy the value of the created API token.

Note: Please paste this value into the Check Connection field of the IDmelon Okta integration.

The created token will be shown in the token list.